[jira] [Commented] (IO-766) ValidatingObjectInputStream

Thu, 14 Apr 2022 08:02:06 -0700 


    [ 
https://issues.apache.org/jira/browse/IO-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17522368#comment-17522368
 ] 

Gilles Sadowski commented on IO-766:
------------------------------------

bq. where is the documentation on this?

https://docs.oracle.com/javase/tutorial/reflect/class/classNew.html

> ValidatingObjectInputStream
> ---------------------------
>
>                 Key: IO-766
>                 URL: https://issues.apache.org/jira/browse/IO-766
>             Project: Commons IO
>          Issue Type: Bug
>         Environment: Java 8, Ubuntu 16.04 LTS, Eclipse Neon, Apache Commons 
> IO 2.11.0
>            Reporter: Jonathon Nicholas Sanders
>            Priority: Major
>         Attachments: .checksum.md5, Unit Test Case_20220413.zip
>
>
> I have been using ValidatingObjectInputStream and found a bug.
>  
> It appears when you have an ArrayList of String it fails to validate the 
> String.class ( [Ljava.lang.String; ) because somehow some extra data in the 
> full class name causes an error. Currently I have no work around, I could 
> edit the source, and see if I can hunt down the bug myself, but I don't think 
> my project manager would care for that option if it takes me too much time, 
> the other is also not ideal and that is avoid using ArrayList<String>.... but 
> the again, this could be an issue for any ArrayList of Classes.
>  
> I am using Oracle Java 8 on Ubuntu 16.04 LTS, here is my stacktrace. I have 
> removed references to my classes for the sake of confidentiality.
>  
> Apr 08, 2022 3:07:33 PM gov.jdaccs.views.__ openConfiguration
> SEVERE: Class name not accepted: [Ljava.lang.String;
> java.io.InvalidClassException: Class name not accepted: [Ljava.lang.String;
> at 
> org.apache.commons.io.serialization.ValidatingObjectInputStream.invalidClassNameFound(ValidatingObjectInputStream.java:95)
> at 
> org.apache.commons.io.serialization.ValidatingObjectInputStream.validateClassName(ValidatingObjectInputStream.java:82)
> at 
> org.apache.commons.io.serialization.ValidatingObjectInputStream.resolveClass(ValidatingObjectInputStream.java:100)
> at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1859)
> at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1745)
> at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1921)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1561)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
> at java.util.ArrayList.readObject(ArrayList.java:797)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2169)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
> at gov.jdaccs.config.__.readConfiguration(__.java:74)
> at gov.jdaccs.views.__.openConfiguration(__.java:511)
> at gov.jdaccs.views.__.loadDefaults(__.java:757)
> at gov.jdaccs.views.__.createNewConfiguration(__.java:2508)
> at gov.jdaccs.views.__.<init>(__.java:262)
> at gov.jdaccs.views.__.main(_.java:2534)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to