commons-issues mailing list archives

From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IO-368) ClassLoaderObjectInputStream does not handle primitive typed members
Date Wed, 17 Apr 2013 12:31:16 GMT

    [ https://issues.apache.org/jira/browse/IO-368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633983#comment-13633983 ]

Sebb commented on IO-368:
-------------------------

2.0.1 is quite old, but it looks like the class has not changed since then.

I think there is a problem with always delegating to the super implementation for ClassNotFound.
Its class loader may include classes that are not in the specified class loader, so may resolve
classes that should fail.

It looks like the name for primitive types is the same as the keyword - i.e. "int", "long",
"void" etc.
Could compare against a list of valid names before delegating.
                
> ClassLoaderObjectInputStream does not handle primitive typed members
> --------------------------------------------------------------------
>
>                 Key: IO-368
>                 URL: https://issues.apache.org/jira/browse/IO-368
>             Project: Commons IO
>          Issue Type: Bug
>          Components: Streams/Writers
>    Affects Versions: 2.0.1
>         Environment: Single node computer, running standard JVM (Oracle 1.6.0)
>            Reporter: Thaddeus Diamond
>         Attachments: IO-368.patch
>
>
> Any class with a simple primitive (such as long, or int) cannot be deserialized.  For example, the following code:
> {code:java}
>     ObjectInputStream ois = null;
>     try {
>       ois = new ClassLoaderObjectInputStream(getClass().getClassLoader(), new ByteArrayInputStream(bytes));
>       return (T) ois.readObject();
>     } catch (ClassNotFoundException e) {
>       LOGGER.error("Deserialization failed for {}", objectClass, e);
>     } catch (IOException e) {
>       LOGGER.error("Deserialization failed for {}", objectClass, e);
>     } finally {
>       if (ois != null) {
>         try {
>           ois.close();
>         } catch (IOException ignored) {
>         }
>       }
>     }
> {code}
> Will fail if bytes represents a byte[] of the serialized version of the following class:
> {code:java}
> public class Foo implements java.io.Serializable {
>   private static final long serialVersionUID = 1L;
>   private long thisFieldWillCauseCLOISToFail;
>   // class logic, ctors, etc...
> }
> {code}
> With the following stacktrace:
> {noformat}
> Caused by: java.lang.ClassNotFoundException: long
>         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
>         at java.lang.Class.forName0(Native Method)
>         at java.lang.Class.forName(Class.java:247)
>         at org.apache.commons.io.input.ClassLoaderObjectInputStream.resolveClass(ClassLoaderObjectInputStream.java:68)
>         at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
>         at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
>         at java.io.ObjectInputStream.readClass(ObjectInputStream.java:1461)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1311)
>         at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
>         at java.util.ArrayList.readObject(ArrayList.java:593)
>         at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
>         at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
>         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
> ...
> {noformat}
> Of some relevance may be:
> http://issues.liferay.com/browse/LPS-30742
> https://groups.google.com/forum/?hl=en&fromgroups=#!topic/akka-user/3PC4L48qyqs

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
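
Added example, not part of the original message and not the Commons IO code or the attached IO-368.patch: one way to apply the check suggested in the comment, resolving primitive names from a fixed table and otherwise using only the specified class loader, with no fallback to the super implementation. The class name StrictClassLoaderObjectInputStream and the sample stream built in main are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical class illustrating the "compare against a list of valid names" check. */
public class StrictClassLoaderObjectInputStream extends ObjectInputStream {
    // Primitive descriptors carry the keyword as their name ("int", "long", "void", ...).
    private static final Map<String, Class<?>> PRIMITIVES = new HashMap<>();
    static {
        for (Class<?> c : new Class<?>[] {boolean.class, byte.class, char.class, short.class,
                int.class, long.class, float.class, double.class, void.class}) {
            PRIMITIVES.put(c.getName(), c);
        }
    }

    private final ClassLoader loader;

    public StrictClassLoaderObjectInputStream(ClassLoader loader, InputStream in) throws IOException {
        super(in);
        this.loader = loader;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        Class<?> primitive = PRIMITIVES.get(desc.getName());
        if (primitive != null) {
            return primitive; // known primitive name: no class loader lookup needed
        }
        // Deliberately no fallback to super.resolveClass(): a class that the
        // specified loader cannot see must fail with ClassNotFoundException.
        return Class.forName(desc.getName(), false, loader);
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(long.class);         // constructed input: descriptor named "long"
            out.writeObject(Integer.valueOf(7)); // ordinary class, resolved via the loader
        }
        ClassLoader cl = StrictClassLoaderObjectInputStream.class.getClassLoader();
        try (ObjectInputStream in = new StrictClassLoaderObjectInputStream(
                cl, new ByteArrayInputStream(buf.toByteArray()))) {
            System.out.println(in.readObject() + " " + in.readObject());
        }
    }
}
```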
