[ https://issues.apache.org/jira/browse/WICKET-6531?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16491643#comment-16491643 ]
Martin Grigorov commented on WICKET-6531: ----------------------------------------- I'd recommend to *not* use CheckingObjectOutputStream in non-Oracle JVMs. This class is for debugging purposes and it indeed uses internals to do its job. org.apache.wicket.serialize.java.JavaSerializer#newObjectOutputStream() should return a plain java.io.ObjectOutputStream. We can use "java.vm.vendor" system property to check whether it should be enabled or not automatically in the static block (lines 234-269). > Crash in Unsafe.getObject when running on the J9 VM > --------------------------------------------------- > > Key: WICKET-6531 > URL: https://issues.apache.org/jira/browse/WICKET-6531 > Project: Wicket > Issue Type: Bug > Components: wicket > Affects Versions: 7.9.0, 8.0.0-M8 > Environment: J9 VM (Java7) on AIX > Reporter: Kevin Langman > Priority: Major > > The CheckingObjectOutputStream class is using introspection of JVM internals > to load object fields and array elements during serialization. This is a > risky business given that there is no guarantee that all JVM implementations > will implement the serialization internals in the same way. For the crash I > am reporting here, we are checking an object that extends BigDecimal, but the > J9 VM has its own implementation of BigDecimal and therefore has special > handling of BigDecimal serialization so that it can (for compatibility > reasons) mimic the byte-stream that would be produced by OpenJDK. This > results in the CheckingObjectOutputStream code attempting to read fields out > of an object that does not actually exist in the object, but only reflects > the fields that will be written out to the serialization byte-stream. > > In CheckingObjectOutputStream.checkFields() there is code to prevent checking > objects that are instances of String, Number, Date, Boolean and Class. If > this check was also done prior to checking array elements in internalCheck() > then the the crash I am reporting here would not have occurred and therefore > I am proposing that we add the following 'if statement' into the code: > > CheckingObjectOutputStream.internalCheck() – Line 394: > for (int i = 0; i < objs.length; i++) > { > *if (objs[i] instanceof String || objs[i] instanceof Number ||* > *objs[i] instanceof Date || objs[i] instanceof Boolean ||* > *objs[i] instanceof Class)* > *{* > *// filter out common cases* > *}else{* > CharSequence arrayPos = new > StringBuilder(4).append('[').append(i).append(']'); > simpleName = arrayPos; > fieldDescription += arrayPos; > check(objs[i]); > *}* > } > -- This message was sent by Atlassian JIRA (v7.6.3#76005)