This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch 2.0.X
in repository https://gitbox.apache.org/repos/asf/mina.git
The following commit(s) were added to refs/heads/2.0.X by this push:
new d0456f639 o Fixed a serialisation issue
d0456f639 is described below
commit d0456f6390b3a275e5e528b405ab3725ad8c8394
Author: Emmanuel Lécharny <[email protected]>
AuthorDate: Fri May 29 10:11:19 2026 +0200
o Fixed a serialisation issue
o Improved the CumulativeProtocolDecoder
o Added a deserialization test
---
.../apache/mina/core/buffer/AbstractIoBuffer.java | 10 +--
.../codec/AbstractProtocolEncoderOutput.java | 5 +-
.../filter/codec/CumulativeProtocolDecoder.java | 9 +-
.../mina/core/buffer/ClinitDescriptorTest.java | 96 ++++++++++++++++++++++
4 files changed, 107 insertions(+), 13 deletions(-)
diff --git
a/mina-core/src/main/java/org/apache/mina/core/buffer/AbstractIoBuffer.java
b/mina-core/src/main/java/org/apache/mina/core/buffer/AbstractIoBuffer.java
index d5d54f9e5..0baf9db3d 100644
--- a/mina-core/src/main/java/org/apache/mina/core/buffer/AbstractIoBuffer.java
+++ b/mina-core/src/main/java/org/apache/mina/core/buffer/AbstractIoBuffer.java
@@ -2191,9 +2191,7 @@ public abstract class AbstractIoBuffer extends IoBuffer {
}
// Use initialize=false to prevent static block
execution during class loading
- Class<?> clazz = Class.forName(className, true,
classLoader);
-
- return ObjectStreamClass.lookup(clazz);
+ return super.readClassDescriptor();
default:
throw new StreamCorruptedException("Unexpected class
descriptor type: " + type);
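Review bot: The descriptor returned for a type-1 entry now comes from `super.readClassDescriptor()`, so its class name is whatever the stream carries and is no longer tied to the `className` string read just before it. If the accept-list check above this hunk is applied to `className` only (that code is not visible here), compare the two names before returning: `ObjectStreamClass desc = super.readClassDescriptor();`, then `if (!className.equals(desc.getName())) throw new InvalidClassException(desc.getName(), "class name mismatch");`, then `return desc;`. The retained comment about `initialize=false` no longer matches any call in this branch and should be replaced by one saying that the class is deliberately not loaded here. The switch and the enclosing method start outside the hunk.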
@@ -2246,12 +2244,14 @@ public abstract class AbstractIoBuffer extends IoBuffer
{
if (clazz.isArray() || clazz.isPrimitive() ||
!Serializable.class.isAssignableFrom(clazz)) {
write(0);
- super.writeClassDescriptor(desc);
} else {
// Serializable class
write(1);
- writeUTF(desc.getName());
+ writeUTF(desc.getName());
}
+
+ super.writeClassDescriptor(desc);
+
}
}) {
out.writeObject(o);
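Review bot: The type-1 branch now writes the class name followed by the full standard descriptor, which changes the wire format for every Serializable class, and nothing in the hunk documents this. A peer still running the previous 2.0.X code would presumably expect only the name after the `1` marker, so mixed-version deployments may fail to decode each other's objects; that deserves a compatibility note. I would add a comment above the `if`, for example `// Layout: marker byte (0 or 1), class name for Serializable classes only, then the standard descriptor in both cases`. The re-added `writeUTF(desc.getName());` line appears to differ only in whitespace, and the blank line before the closing brace can be dropped.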
diff --git
a/mina-core/src/main/java/org/apache/mina/filter/codec/AbstractProtocolEncoderOutput.java
b/mina-core/src/main/java/org/apache/mina/filter/codec/AbstractProtocolEncoderOutput.java
index e369ba916..46542350e 100644
---
a/mina-core/src/main/java/org/apache/mina/filter/codec/AbstractProtocolEncoderOutput.java
+++
b/mina-core/src/main/java/org/apache/mina/filter/codec/AbstractProtocolEncoderOutput.java
@@ -88,13 +88,14 @@ public abstract class AbstractProtocolEncoderOutput
implements ProtocolEncoderOu
for (Object b : messageQueue) {
sum += ((IoBuffer) b).remaining();
}
-
+
// Allocate a new BB that will contain all fragments
IoBuffer newBuf = IoBuffer.allocate(sum);
// and merge all.
for (;;) {
IoBuffer buf = (IoBuffer) messageQueue.poll();
+
if (buf == null) {
break;
}
@@ -106,4 +107,4 @@ public abstract class AbstractProtocolEncoderOutput
implements ProtocolEncoderOu
newBuf.flip();
messageQueue.add(newBuf);
}
-}
\ No newline at end of file
+}
diff --git
a/mina-core/src/main/java/org/apache/mina/filter/codec/CumulativeProtocolDecoder.java
b/mina-core/src/main/java/org/apache/mina/filter/codec/CumulativeProtocolDecoder.java
index dfe3be93d..249561e06 100644
---
a/mina-core/src/main/java/org/apache/mina/filter/codec/CumulativeProtocolDecoder.java
+++
b/mina-core/src/main/java/org/apache/mina/filter/codec/CumulativeProtocolDecoder.java
@@ -142,20 +142,15 @@ public abstract class CumulativeProtocolDecoder extends
ProtocolDecoderAdapter {
// If we have a session buffer, append data to that; otherwise
// use the buffer read from the network directly.
if (buf != null) {
- boolean appended = false;
// Make sure that the buffer is auto-expanded.
if (buf.isAutoExpand()) {
try {
buf.put(in);
- appended = true;
+ buf.flip();
} catch (IllegalStateException | IndexOutOfBoundsException e) {
// A user called derivation method (e.g. slice()),
// which disables auto-expansion of the parent buffer.
}
- }
-
- if (appended) {
- buf.flip();
} else {
// Reallocate the buffer if append operation failed due to
// derivation or disabled auto-expansion.
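Review bot: With the `appended` flag removed, the `else` now pairs with `if (buf.isAutoExpand())`, so the reallocation branch is no longer reached when `buf.put(in)` throws. In that case the exception is swallowed, `buf` is never flipped and the bytes in `in` are not appended, yet decoding continues on the session buffer. That can desynchronise the decoder's framing on input that arrives after a user has called `slice()` or a similar derivation. The catch block should fall through to the same reallocation as the `else` branch, either by keeping a flag or by moving the reallocation into a private helper called from both places. The comment `// Reallocate the buffer if append operation failed due to derivation` also needs updating if the new behaviour is intended. The `else` body continues past the end of the hunk.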
@@ -247,6 +242,8 @@ public abstract class CumulativeProtocolDecoder extends
ProtocolDecoderAdapter {
remainingBuf.order(buf.order());
remainingBuf.put(buf);
+ removeSessionBuffer(session);
+
session.setAttribute(BUFFER, remainingBuf);
}
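Review bot: The new `removeSessionBuffer(session);` call has no comment explaining why it is needed, and `session.setAttribute(BUFFER, remainingBuf)` on the next line already replaces the BUFFER attribute. If the intent is to release the previous session buffer rather than just drop the reference, say so, for example `// Release the previous session buffer; its remaining bytes were copied into remainingBuf above`. `removeSessionBuffer` is defined outside the hunk, so its effect on `buf` cannot be confirmed from here. If it frees the buffer, the call must stay after `remainingBuf.put(buf)`, as it is now.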
diff --git
a/mina-core/src/test/java/org/apache/mina/core/buffer/ClinitDescriptorTest.java
b/mina-core/src/test/java/org/apache/mina/core/buffer/ClinitDescriptorTest.java
new file mode 100644
index 000000000..d505a60d4
--- /dev/null
+++
b/mina-core/src/test/java/org/apache/mina/core/buffer/ClinitDescriptorTest.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.mina.core.buffer;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import java.io.ObjectStreamClass;
+import java.io.Serializable;
+
+
+import org.junit.Test;
+
+
+public class ClinitDescriptorTest {
+ static final class ClinitFlags {
+ static volatile boolean truncatedProbeInitialized = false;
+ static volatile boolean controlProbeInitialized = false;
+ }
+
+ public static final class TruncatedProbe implements Serializable {
+ private static final long serialVersionUID = 1L;
+
+ static { ClinitFlags.truncatedProbeInitialized = true; }
+ }
+
+ public static final class ControlProbe implements Serializable {
+ private static final long serialVersionUID = 1L;
+ static { ClinitFlags.controlProbeInitialized = true; }
+ }
+
+ private static byte[] truncatedTypeOneFrame(String className) throws
Exception {
+ ByteArrayOutputStream body = new ByteArrayOutputStream();
+ DataOutputStream d = new DataOutputStream(body);
+ d.writeShort(0xACED); // STREAM_MAGIC
+ d.writeShort(0x0005); // STREAM_VERSION
+ d.writeByte(0x73); // TC_OBJECT
+ d.writeByte(0x72); // TC_CLASSDESC
+ d.writeByte(0x01); // Mina type 1 (Serializable)
+ d.writeUTF(className);
+ // truncated: no super-class descriptor, no field data -> readObject
aborts (EOF)
+
+ byte[] b = body.toByteArray();
+ ByteArrayOutputStream full = new ByteArrayOutputStream();
+ DataOutputStream f = new DataOutputStream(full);
+ f.writeInt(b.length); // Mina 4-byte length prefix
+ f.write(b);
+
+ return full.toByteArray();
+ }
+
+ @Test
+ public void truncatedDescriptorMustNotInitializeAllowListedClass() throws
Exception {
+ assertFalse(ClinitFlags.truncatedProbeInitialized);
+ IoBuffer buf =
+ IoBuffer.wrap(truncatedTypeOneFrame(TruncatedProbe.class.getName()));
+ buf.accept(TruncatedProbe.class.getName()); // allow-listed, so it IS
resolved
+
+ try {
+ buf.getObject();
+ } catch (Exception expected) {
+ // expected: aborts after the class name
+ }
+
+ assertFalse("ZDRES-233: <clinit> of an allow-listed class must not run
during "
+ + "descriptor resolution of an aborted stream",
ClinitFlags.truncatedProbeInitialized);
+ }
+
+
+ @Test
+ public void objectStreamClassLookupInitializesTheClass() {
+ assertFalse(ClinitFlags.controlProbeInitialized);
+ ObjectStreamClass.lookup(ControlProbe.class);
+ assertTrue(ClinitFlags.controlProbeInitialized);
+ }
+}
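Review bot: In `truncatedDescriptorMustNotInitializeAllowListedClass` the `catch (Exception expected)` block accepts any failure and the test never asserts that `getObject()` failed at all. The test therefore still passes if the frame is rejected before the class name is read, or if it is not rejected at all. Add `fail("truncated frame must abort deserialization");` directly after `buf.getObject();` (it throws `AssertionError`, which the catch does not intercept), and narrow the catch to the exception type the buffer actually raises on EOF. The opening `assertFalse` in both tests relies on static flags that stay set for the lifetime of the JVM, so they only hold if nothing else in the same run has initialised the probe classes; a short comment stating that assumption would help.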