[
https://issues.apache.org/jira/browse/IO-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17520802#comment-17520802
]
Jonathon Nicholas Sanders commented on IO-766:
----------------------------------------------
I will Try and get that loaded as soon as possible.
Bare with me on this because I am not an expert on serialization. So I have my
Configuration.class which is composed of several classes, I put some print
statements into the resolveClass method to print the class names out and see at
which point the fail occurred.
I have print outs in the resolveClass method before it passes osc.getName() to
the validClassName. I am reading my serialized data from file. so I opened it
with a hex editor. the first occurrence of [Ljava/lang/String; , which is
printed out after RadioInterfaceUnitCard is validated. RadioInterfaceUnitCard
class has an array of Strings. Form some research I found a similar case in
which it was mentioned that ClassLoader and Class.forName handle arrays
differently and that might be the issue that the name being passed is
[Ljava/lang/String; and not java/lang/String
> ValidatingObjectInputStream
> ---------------------------
>
> Key: IO-766
> URL: https://issues.apache.org/jira/browse/IO-766
> Project: Commons IO
> Issue Type: Bug
> Environment: Java 8, Ubuntu 16.04 LTS, Eclipse Neon, Apache Commons
> IO 2.11.0
> Reporter: Jonathon Nicholas Sanders
> Priority: Major
>
> I have been using ValidatingObjectInputStream and found a bug.
>
> It appears when you have an ArrayList of String it fails to validate the
> String.class ( [Ljava.lang.String; ) because somehow some extra data in the
> full class name causes an error. Currently I have no work around, I could
> edit the source, and see if I can hunt down the bug myself, but I don't think
> my project manager would care for that option if it takes me too much time,
> the other is also not ideal and that is avoid using ArrayList<String>.... but
> the again, this could be an issue for any ArrayList of Classes.
>
> I am using Oracle Java 8 on Ubuntu 16.04 LTS, here is my stacktrace. I have
> removed references to my classes for the sake of confidentiality.
>
> Apr 08, 2022 3:07:33 PM gov.jdaccs.views.__ openConfiguration
> SEVERE: Class name not accepted: [Ljava.lang.String;
> java.io.InvalidClassException: Class name not accepted: [Ljava.lang.String;
> at
> org.apache.commons.io.serialization.ValidatingObjectInputStream.invalidClassNameFound(ValidatingObjectInputStream.java:95)
> at
> org.apache.commons.io.serialization.ValidatingObjectInputStream.validateClassName(ValidatingObjectInputStream.java:82)
> at
> org.apache.commons.io.serialization.ValidatingObjectInputStream.resolveClass(ValidatingObjectInputStream.java:100)
> at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1859)
> at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1745)
> at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1921)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1561)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
> at java.util.ArrayList.readObject(ArrayList.java:797)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2169)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
> at gov.jdaccs.config.__.readConfiguration(__.java:74)
> at gov.jdaccs.views.__.openConfiguration(__.java:511)
> at gov.jdaccs.views.__.loadDefaults(__.java:757)
> at gov.jdaccs.views.__.createNewConfiguration(__.java:2508)
> at gov.jdaccs.views.__.<init>(__.java:262)
> at gov.jdaccs.views.__.main(_.java:2534)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
