[jira] [Updated] (IO-368) ClassLoaderObjectInputStream does not handle primitive typed members

Sun, 24 Feb 2013 06:00:16 -0800 

     [ 
https://issues.apache.org/jira/browse/IO-368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thomas Neidhart updated IO-368:
-------------------------------

    Attachment: IO-368.patch

I could not reproduce the problem with the following jdks:

 * Sun JDK 1.5 update 22
 * Oracle JDK 1.6 update 41
 * OpenJDK 1.6 b27
 * OpenJDK 1.6 u13

But I think the code could be improved to the following:

if a ClassNotFoundException is thrown, delegate to the superclass.

The default ObjectInputStream does something similar:

if the class could not be found, check in a HashMap if it is one of the 
primitive types.

The null check is spurious imho, does Class.forName ever return null?
                
> ClassLoaderObjectInputStream does not handle primitive typed members
> --------------------------------------------------------------------
>
>                 Key: IO-368
>                 URL: https://issues.apache.org/jira/browse/IO-368
>             Project: Commons IO
>          Issue Type: Bug
>          Components: Streams/Writers
>    Affects Versions: 2.0.1
>         Environment: Single node computer, running standard JVM (Oracle 1.6.0)
>            Reporter: Thaddeus Diamond
>         Attachments: IO-368.patch
>
>
> Any class with a simple primitive (such as long, or int) cannot be 
> deserialized.  For example, the following code:
> {code:java}
>     ObjectInputStream ois = null;
>     try {
>       ois = new ClassLoaderObjectInputStream(getClass().getClassLoader(), new 
> ByteArrayInputStream(bytes));
>       return (T) ois.readObject();
>     } catch (ClassNotFoundException e) {
>       LOGGER.error("Deserialization failed for {}", objectClass, e);
>     } catch (IOException e) {
>       LOGGER.error("Deserialization failed for {}", objectClass, e);
>     } finally {
>       if (ois != null) {
>         try {
>           ois.close();
>         } catch (IOException ignored) {
>         }
>       }
>     }
> {code}
> Will fail if bytes represents a byte[] of the serialized version of the 
> following class:
> {code:java}
> public class Foo {
>   private static final long serialVersionUID = 1L;
>   private long thisFieldWillCauseCLOISToFail;
>   // class logic, ctors, etc...
> }
> {code}
> With the following stacktrace:
> {noformat}
> Caused by: java.lang.ClassNotFoundException: long
>         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
>         at java.lang.Class.forName0(Native Method)
>         at java.lang.Class.forName(Class.java:247)
>         at 
> org.apache.commons.io.input.ClassLoaderObjectInputStream.resolveClass(ClassLoaderObjectInputStream.java:68)
>         at 
> java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
>         at 
> java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
>         at java.io.ObjectInputStream.readClass(ObjectInputStream.java:1461)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1311)
>         at 
> java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at 
> java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at 
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at 
> java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at 
> java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at 
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at 
> java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at 
> java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at 
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at 
> java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
>         at 
> java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
>         at 
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
>         at java.util.ArrayList.readObject(ArrayList.java:593)
>         at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at 
> java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
>         at 
> java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
>         at 
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
>         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
>         at 
> java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
> ...
> {noformat}
> Of some relevance may be:
> http://issues.liferay.com/browse/LPS-30742
> https://groups.google.com/forum/?hl=en&fromgroups=#!topic/akka-user/3PC4L48qyqs

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to