You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@dubbo.apache.org by "haiyang1985 (GitHub)" <gi...@apache.org> on 2019/03/28 10:27:19 UTC

[GitHub] [incubator-dubbo] haiyang1985 opened issue #3766: Hessian2 writePlace causes StackOverflow in Dubbo package

- [ ] I have searched the [issues](https://github.com/apache/incubator-dubbo/issues) of this repository and believe that this is not a duplicate.
- [ ] I have checked the [FAQ](https://github.com/apache/incubator-dubbo/blob/master/FAQ.md) of this repository and believe that this is not a duplicate.

### Environment

* Dubbo version: 2.7.0
* Operating System version: Mac OS
* Java version: 1.8

### Steps to reproduce this issue

#2031 have fixed the writePlace stackOverflow issue. The code have been merged into hessian-lite, but not in dubbo. 
Right now, the issue still there in dubbo 2.7.0. But we are not able to embed hessian-lite, as we are not able to remove hessian from dubbo(conflicts as below).
Found in:
    org.apache.dubbo:dubbo:jar:2.7.0:compile
    com.alibaba:hessian-lite:jar:3.2.5:compile
  Duplicate classes:
    com/alibaba/com/caucho/hessian/io/HessianDebugState$DateState.class
    com/alibaba/com/caucho/hessian/io/ThrowableSerializer.class


1. Define a class with a writeReplace method return this
public class WriteReplaceReturningItself implements Serializable {

    private static final long serialVersionUID = 1L;

    private String name;

    WriteReplaceReturningItself(String name) {
      this.name = name;
    }

    public String getName() {
      return name;
    }

    /**
     * Some object may return itself for wrapReplace, e.g.
     * https://github.com/FasterXML/jackson-databind/blob/master/src/main/java/com/fasterxml/jackson/databind/JsonMappingException.java#L173
     */
    Object writeReplace() {
      //do some extra things

      return this;
    }
  }
2. Use Hessian2Output to serialize it
ByteArrayOutputStream bout = new ByteArrayOutputStream();
  Hessian2Output out = new Hessian2Output(bout);

  out.writeObject(data);
  out.flush();

3. Error occurs
java.lang.StackOverflowError
  at com.alibaba.com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.java:302)
  at com.alibaba.com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java:381)
  at com.alibaba.com.caucho.hessian.io.JavaSerializer.writeObject(JavaSerializer.java:226)
  at com.alibaba.com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java:383)
  at com.alibaba.com.caucho.hessian.io.JavaSerializer.writeObject(JavaSerializer.java:226)

Pls. provide [GitHub address] to reproduce this issue.

### Expected Result
The serialization process should complete with no exception or error.



### Actual Result

java.lang.StackOverflowError
  at com.alibaba.com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.java:302)
  at com.alibaba.com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java:381)
  at com.alibaba.com.caucho.hessian.io.JavaSerializer.writeObject(JavaSerializer.java:226)
  at com.alibaba.com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java:383)
  at com.alibaba.com.caucho.hessian.io.JavaSerializer.writeObject(JavaSerializer.java:226)

[ Full content available at: https://github.com/apache/incubator-dubbo/issues/3766 ]
This message was relayed via gitbox.apache.org for notifications@dubbo.apache.org

[GitHub] [incubator-dubbo] haiyang1985 commented on issue #3766: Hessian2 writePlace causes StackOverflow in Dubbo 2.7.0

Posted by "haiyang1985 (GitHub)" <gi...@apache.org>.

Are we going to remove hessian from 2.7.0 or merge the PR for dubbo? 

[ Full content available at: https://github.com/apache/incubator-dubbo/issues/3766 ]
This message was relayed via gitbox.apache.org for notifications@dubbo.apache.org