[jira] [Commented] (WICKET-6531) Crash in Unsafe.getObject when running on the J9 VM

Sun, 27 May 2018 22:56:24 -0700 

    [ 
https://issues.apache.org/jira/browse/WICKET-6531?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16492289#comment-16492289
 ] 

Bartłomiej Łopatka commented on WICKET-6531:
--------------------------------------------

[~mgrigorov] - in fact, we are not using CheckingObjectOutputStream directly at 
all.


> Crash in Unsafe.getObject when running on the J9 VM
> ---------------------------------------------------
>
>                 Key: WICKET-6531
>                 URL: https://issues.apache.org/jira/browse/WICKET-6531
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 7.9.0, 8.0.0-M8
>         Environment: J9 VM (Java7) on AIX
>            Reporter: Kevin Langman
>            Priority: Major
>
> The CheckingObjectOutputStream class is using introspection of JVM internals 
> to load object fields and array elements during serialization. This is a 
> risky business given that there is no guarantee that all JVM implementations 
> will implement the serialization internals in the same way. For the crash I 
> am reporting here, we are checking an object that extends BigDecimal, but the 
> J9 VM has its own implementation of BigDecimal and therefore has special 
> handling of BigDecimal serialization so that it can (for compatibility 
> reasons) mimic the byte-stream that would be produced by OpenJDK. This 
> results in the CheckingObjectOutputStream code attempting to read fields out 
> of an object that does not actually exist in the object, but only reflects 
> the fields that will be written out to the serialization byte-stream.
>  
> In CheckingObjectOutputStream.checkFields() there is code to prevent checking 
> objects that are instances of String, Number, Date, Boolean and Class. If 
> this check was also done prior to checking array elements in internalCheck() 
> then the the crash I am reporting here would not have occurred and therefore 
> I am proposing that we add the following 'if statement' into the code:
>  
> CheckingObjectOutputStream.internalCheck() – Line 394:
> for (int i = 0; i < objs.length; i++)
> {
>    *if (objs[i] instanceof String || objs[i] instanceof Number  ||*
>          *objs[i] instanceof Date   || objs[i] instanceof Boolean ||*
>        *objs[i] instanceof Class)*
>    *{*
>       *// filter out common cases*
>    *}else{*
>       CharSequence arrayPos = new 
> StringBuilder(4).append('[').append(i).append(']');
>       simpleName = arrayPos;
>       fieldDescription += arrayPos;
>       check(objs[i]);
>    *}*
> }
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to