Description
The CheckingObjectOutputStream class is using introspection of JVM internals to load object fields and array elements during serialization. This is a risky business given that there is no guarantee that all JVM implementations will implement the serialization internals in the same way. For the crash I am reporting here, we are checking an object that extends BigDecimal, but the J9 VM has its own implementation of BigDecimal and therefore has special handling of BigDecimal serialization so that it can (for compatibility reasons) mimic the byte-stream that would be produced by OpenJDK. This results in the CheckingObjectOutputStream code attempting to read fields out of an object that does not actually exist in the object, but only reflects the fields that will be written out to the serialization byte-stream.
In CheckingObjectOutputStream.checkFields() there is code to prevent checking objects that are instances of String, Number, Date, Boolean and Class. If this check was also done prior to checking array elements in internalCheck() then the crash I am reporting here would not have occurred, and therefore I am proposing that we add the following 'if statement' into the code:
CheckingObjectOutputStream.internalCheck() – Line 394:
    // fragment of CheckingObjectOutputStream.internalCheck(): objs is the Object[] being walked
    for (int i = 0; i < objs.length; i++)
    {
        if (objs[i] instanceof String || objs[i] instanceof Number ||
            objs[i] instanceof Date || objs[i] instanceof Boolean ||
            objs[i] instanceof Class)
        {
            // filter out common cases
        }
        else
        {
            CharSequence arrayPos = new StringBuilder(4).append('[').append(i).append(']');
            simpleName = arrayPos;
            fieldDescription += arrayPos;
            check(objs[i]);
        }
    }
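To show why the filter matters at the array-element step as well as the field step, here is a small, self-contained walker written for this page (hypothetical; it is not Wicket's CheckingObjectOutputStream). The Money subclass of BigDecimal and the Invoice holder are constructed for the demo; with the common-case filter applied in both places, only Invoice itself is opened up by reflection and the BigDecimal subclass is never introspected, whether it sits in a field or inside an array.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.math.BigDecimal;
import java.util.Date;
import java.util.IdentityHashMap;
import java.util.Map;

// Hypothetical simplified object-graph walker; NOT Wicket's CheckingObjectOutputStream.
public final class CommonCaseFilterDemo {
    // Stand-ins for the report's scenario (constructed): a BigDecimal subclass, stored both in a field and in an array.
    static final class Money extends BigDecimal { Money(String v) { super(v); } }
    static final class Invoice { Money total = new Money("1.50"); Object[] lines = { new Money("2"), "note" }; }

    private final Map<Object, Boolean> seen = new IdentityHashMap<>();  // cycle guard
    int reflectiveVisits = 0;  // objects whose declared fields were read via reflection

    static boolean isCommonCase(Object o) {
        return o instanceof String || o instanceof Number || o instanceof Date
            || o instanceof Boolean || o instanceof Class;
    }

    void check(Object obj) throws IllegalAccessException {
        if (obj == null || isCommonCase(obj) || seen.put(obj, Boolean.TRUE) != null) return;
        if (obj instanceof Object[]) {
            Object[] objs = (Object[]) obj;
            for (int i = 0; i < objs.length; i++) {
                // the report's proposal: filter array elements before recursing, so a
                // Number subclass stored in an array is never opened up by reflection
                if (!isCommonCase(objs[i])) check(objs[i]);
            }
            return;
        }
        if (obj.getClass().isArray()) return;  // primitive arrays hold nothing to recurse into
        reflectiveVisits++;
        for (Class<?> c = obj.getClass(); c != null; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                int m = f.getModifiers();
                if (Modifier.isStatic(m) || Modifier.isTransient(m)) continue;
                f.setAccessible(true);  // reading JDK-internal fields this way is what the report warns about
                check(f.get(obj));
            }
        }
    }

    public static void main(String[] args) throws Exception {
        CommonCaseFilterDemo walker = new CommonCaseFilterDemo();
        walker.check(new Invoice());
        System.out.println("objects introspected reflectively: " + walker.reflectiveVisits);
    }
}
```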
Issue Links
- is duplicated by WICKET-6704 "JavaSerializer.serialize causes the JVM crash!" (Resolved)