You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2019/09/30 12:47:14 UTC
[wicket] 01/01: WICKET-6704 JavaSerializer.serialize causes the JVM
crash !
This is an automated email from the ASF dual-hosted git repository.
mgrigorov pushed a commit to branch WICKET-6704-PropertyChangeSupport-serialization-problem
in repository https://gitbox.apache.org/repos/asf/wicket.git
commit 8c89c0138d050baa179c349beee5d1f088adc760
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
AuthorDate: Mon Sep 30 15:46:28 2019 +0300
WICKET-6704 JavaSerializer.serialize causes the JVM crash !
Do not check instances of PropertyChangeSupport whether they are Serializable because PropertyChangeSupport#writeObject() adds extra fields which confuse CheckingObjectOutputStream
---
.../checker/CheckingObjectOutputStream.java | 5 +-
...bjectOutputStreamPropertyChangeSupportTest.java | 84 ++++++++++++++++++++++
2 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java b/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java
index 4978c0e..eb8d531 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java
@@ -16,6 +16,7 @@
*/
package org.apache.wicket.core.util.objects.checker;
+import java.beans.PropertyChangeSupport;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectOutput;
@@ -566,7 +567,9 @@ public class CheckingObjectOutputStream extends ObjectOutputStream
{
if (objVals[i] instanceof String || objVals[i] instanceof Number ||
objVals[i] instanceof Date || objVals[i] instanceof Boolean ||
- objVals[i] instanceof Class)
+ objVals[i] instanceof Class ||
+ objVals[i] instanceof PropertyChangeSupport // WICKET-6704
+ )
{
// filter out common cases
continue;
diff --git a/wicket-core/src/test/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStreamPropertyChangeSupportTest.java b/wicket-core/src/test/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStreamPropertyChangeSupportTest.java
new file mode 100644
index 0000000..a81eed2
--- /dev/null
+++ b/wicket-core/src/test/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStreamPropertyChangeSupportTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.core.util.objects.checker;
+
+import java.beans.PropertyChangeSupport;
+import java.io.Serializable;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Future;
+import java.util.concurrent.FutureTask;
+
+import org.apache.wicket.serialize.java.JavaSerializer;
+import org.junit.Test;
+
+/**
+ * Test for https://issues.apache.org/jira/browse/WICKET-6704
+ */
+public class CheckingObjectOutputStreamPropertyChangeSupportTest {
+
+ /**
+ * The test should either pass and log an ERROR
+ * or cause a JVM crash
+ */
+ @Test
+ public void serializePropertyChangeSupport()
+ {
+ JavaSerializer serializer = new JavaSerializer("test");
+ serializer.serialize(new ObjectToPersist());
+ }
+
+ static abstract class AbstractObjectToPersist implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ // if we move this field to the child class, the JVM crash is not reproducible, weird !
+ private PropertyChangeSupport propertyChangeSupport;
+
+ protected AbstractObjectToPersist() {
+ super();
+ // if we use PropertyChangeSupport directly, the JVM crash is not reproducible, weird !
+ propertyChangeSupport = new ExtendedPropertyChangeSupport(this);
+ }
+
+ }
+
+ static class ExtendedPropertyChangeSupport extends PropertyChangeSupport {
+
+ ExtendedPropertyChangeSupport(Object sourceBean) {
+ super(sourceBean);
+ }
+
+ }
+
+ class ObjectToPersist extends AbstractObjectToPersist {
+
+ // 1. this field is INTENTIONALLY not serializable to be able to trigger JVM crash
+ // 2. normally wicket handle this correctly by throwing the NotSerializableException, but in this example the JVM crash
+ private Future<Object> future;
+
+ ObjectToPersist() {
+ super();
+
+ future = new FutureTask<Object>(new Callable() {
+ public Object call() throws Exception {
+ return new Object();
+ }
+ });
+ }
+ }
+
+}