Skip to content

Commit

Permalink
bug fixed for readObject.
Browse files Browse the repository at this point in the history
  • Loading branch information
@wenshao
wenshao committed Jul 11, 2018
1 parent 7c7dc80 commit 00f310a
Show file tree
Hide file tree
Showing 2 changed files with 96 additions and 4 deletions.
69 changes: 65 additions & 4 deletions src/main/java/com/alibaba/fastjson/JSONObject.java
View file
Expand Up @@ -29,8 +29,8 @@
import static com.alibaba.fastjson.util.TypeUtils.castToSqlDate;
import static com.alibaba.fastjson.util.TypeUtils.castToTimestamp;

import java.io.IOException;
import java.io.Serializable;
import java.io.*;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
Expand Down Expand Up @@ -479,8 +479,69 @@ public Map<String, Object> getInnerMap() {
return this.map;
}

private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {
s.defaultReadObject();
static Field[] fields;
static volatile boolean fields_error;

static void ensureFields() {
if (fields == null && !fields_error) {
try {
final Field[] declaredFields = ObjectInputStream.class.getDeclaredFields();
String[] fieldnames = new String[]{"bin", "passHandle", "handles", "curContext"};
Field[] array = new Field[fieldnames.length];
for (int i = 0; i < fieldnames.length; i++) {
Field field = TypeUtils
.getField(ObjectInputStream.class
, fieldnames[i]
, declaredFields
);
field.setAccessible(true);
array[i] = field;
}
fields = array;
} catch (Throwable error) {
fields_error = true;
}
}
}

private void readObject(final java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
ensureFields();
if (fields != null && !fields_error) {
ObjectInputStream secIn = new ObjectInputStream(in) {
protected Class<?> resolveClass(ObjectStreamClass desc)
throws IOException, ClassNotFoundException {
String name = desc.getName();
ParserConfig.global.checkAutoType(name, null);
return super.resolveClass(desc);
}

protected Class<?> resolveProxyClass(String[] interfaces)
throws IOException, ClassNotFoundException {
for (String interfacename : interfaces) {
//检查是否处于黑名单
ParserConfig.global.checkAutoType(interfacename, null);
}
return super.resolveProxyClass(interfaces);
}

//Hack:默认构造方法会调用这个方法,重写此方法使用反射还原部分关键属性
protected void readStreamHeader() throws IOException, StreamCorruptedException {
try {
for (int i = 0; i < fields.length; i++) {
final Field field = fields[i];
final Object value = field.get(in);
field.set(this, value);
}
} catch (IllegalAccessException e) {
fields_error = true;
}
}
};
secIn.defaultReadObject();
return;
}

in.defaultReadObject();
for (Entry<String, Object> entry : map.entrySet()) {
final String key = entry.getKey();
if (key != null) {
Expand Down
31 changes: 31 additions & 0 deletions src/test/java/com/alibaba/json/bvt/JSONObjectTest_readObject.java
View file
@@ -0,0 +1,31 @@
package com.alibaba.json.bvt;

import com.alibaba.fastjson.JSONObject;
import junit.framework.TestCase;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class JSONObjectTest_readObject extends TestCase {
public void test_0() throws Exception {
JSONObject jsonObject = new JSONObject();
jsonObject.put("id", 123);

ByteArrayOutputStream bytesOut = new ByteArrayOutputStream();
ObjectOutputStream objOut = new ObjectOutputStream(bytesOut);
objOut.writeObject(jsonObject);
objOut.flush();

byte[] bytes = bytesOut.toByteArray();

ByteArrayInputStream bytesIn = new ByteArrayInputStream(bytes);
ObjectInputStream objIn = new ObjectInputStream(bytesIn);

Object obj = objIn.readObject();

assertEquals(JSONObject.class, obj.getClass());
assertEquals(jsonObject, obj);
}
}

0 comments on commit 00f310a

Please sign in to comment.