You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2019/09/30 12:47:14 UTC

[wicket] 01/01: WICKET-6704 JavaSerializer.serialize causes the JVM crash !

This is an automated email from the ASF dual-hosted git repository.

mgrigorov pushed a commit to branch WICKET-6704-PropertyChangeSupport-serialization-problem
in repository https://gitbox.apache.org/repos/asf/wicket.git

commit 8c89c0138d050baa179c349beee5d1f088adc760
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
AuthorDate: Mon Sep 30 15:46:28 2019 +0300

    WICKET-6704 JavaSerializer.serialize causes the JVM crash !
    
    Do not check instances of PropertyChangeSupport whether they are Serializable because PropertyChangeSupport#writeObject() adds extra fields which confuse CheckingObjectOutputStream
---
 .../checker/CheckingObjectOutputStream.java        |  5 +-
 ...bjectOutputStreamPropertyChangeSupportTest.java | 84 ++++++++++++++++++++++
 2 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java b/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java
index 4978c0e..eb8d531 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStream.java
@@ -16,6 +16,7 @@
  */
 package org.apache.wicket.core.util.objects.checker;
 
+import java.beans.PropertyChangeSupport;
 import java.io.Externalizable;
 import java.io.IOException;
 import java.io.ObjectOutput;
@@ -566,7 +567,9 @@ public class CheckingObjectOutputStream extends ObjectOutputStream
 			{
 				if (objVals[i] instanceof String || objVals[i] instanceof Number ||
 						objVals[i] instanceof Date || objVals[i] instanceof Boolean ||
-						objVals[i] instanceof Class)
+						objVals[i] instanceof Class ||
+						objVals[i] instanceof PropertyChangeSupport // WICKET-6704
+				)
 				{
 					// filter out common cases
 					continue;
diff --git a/wicket-core/src/test/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStreamPropertyChangeSupportTest.java b/wicket-core/src/test/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStreamPropertyChangeSupportTest.java
new file mode 100644
index 0000000..a81eed2
--- /dev/null
+++ b/wicket-core/src/test/java/org/apache/wicket/core/util/objects/checker/CheckingObjectOutputStreamPropertyChangeSupportTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.core.util.objects.checker;
+
+import java.beans.PropertyChangeSupport;
+import java.io.Serializable;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Future;
+import java.util.concurrent.FutureTask;
+
+import org.apache.wicket.serialize.java.JavaSerializer;
+import org.junit.Test;
+
+/**
+ * Test for https://issues.apache.org/jira/browse/WICKET-6704
+ */
+public class CheckingObjectOutputStreamPropertyChangeSupportTest {
+
+    /**
+     * The test should either pass and log an ERROR
+     * or cause a JVM crash
+     */
+    @Test
+    public void serializePropertyChangeSupport()
+    {
+        JavaSerializer serializer = new JavaSerializer("test");
+        serializer.serialize(new ObjectToPersist());
+    }
+
+    static abstract class AbstractObjectToPersist implements Serializable {
+
+        private static final long serialVersionUID = 1L;
+
+        // if we move this field to the child class, the JVM crash is not reproducible, weird !
+        private PropertyChangeSupport propertyChangeSupport;
+
+        protected AbstractObjectToPersist() {
+            super();
+            // if we use PropertyChangeSupport directly, the JVM crash is not reproducible, weird !
+            propertyChangeSupport = new ExtendedPropertyChangeSupport(this);
+        }
+
+    }
+
+    static class ExtendedPropertyChangeSupport extends PropertyChangeSupport {
+
+        ExtendedPropertyChangeSupport(Object sourceBean) {
+            super(sourceBean);
+        }
+
+    }
+
+    class ObjectToPersist extends AbstractObjectToPersist {
+
+        // 1. this field is INTENTIONALLY not serializable to be able to trigger JVM crash
+        // 2. normally wicket handle this correctly by throwing the NotSerializableException, but in this example the JVM crash
+        private Future<Object> future;
+
+        ObjectToPersist() {
+            super();
+
+            future = new FutureTask<Object>(new Callable() {
+                public Object call() throws Exception {
+                    return new Object();
+                }
+            });
+        }
+    }
+
+}