使用protostuff序列化event request未对data进行空安全检查 #3727

fitzf · 2019-03-25T06:34:35Z

:: Dubbo Spring Boot (v2.7.0) : https://github.com/apache/incubator-dubbo-spring-boot-project
:: Dubbo (v2.7.1-SNAPSHOT) : https://github.com/apache/incubator-dubbo
:: Discuss group : dev@dubbo.apache.org
由于心跳检查发送的request的mData属性为空，
而在encodeEventData时为判断是否为空导致的空指针异常

fitzf · 2019-03-25T06:36:29Z

堆栈信息

2019-03-25 14:15:23.279  WARN [-,,,] 10982 --- [20860-thread-64] o.a.d.r.exchange.support.DefaultFuture   :  [DUBBO] The timeout response finally returned at 2019-03-25 14:15:23.276, response Response [id=165, version=2.0.2, status=40, event=false, error=io.netty.handler.codec.EncoderException: java.lang.NullPointerException
io.netty.handler.codec.EncoderException: java.lang.NullPointerException
	at io.netty.handler.codec.MessageToByteEncoder.write(MessageToByteEncoder.java:125)
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:738)
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:730)
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:816)
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:723)
	at io.netty.handler.timeout.IdleStateHandler.write(IdleStateHandler.java:304)
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:738)
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:730)
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:816)
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:723)
	at io.netty.channel.ChannelDuplexHandler.write(ChannelDuplexHandler.java:106)
	at org.apache.dubbo.remoting.transport.netty4.NettyClientHandler.write(NettyClientHandler.java:87)
	at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:738)
	at io.netty.channel.AbstractChannelHandlerContext.invokeWriteAndFlush(AbstractChannelHandlerContext.java:801)
	at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:814)
	at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:794)
	at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush(AbstractChannelHandlerContext.java:837)
	at io.netty.channel.DefaultChannelPipeline.writeAndFlush(DefaultChannelPipeline.java:1036)
	at io.netty.channel.AbstractChannel.writeAndFlush(AbstractChannel.java:304)
	at org.apache.dubbo.remoting.transport.netty4.NettyChannel.send(NettyChannel.java:101)
	at org.apache.dubbo.remoting.transport.AbstractPeer.send(AbstractPeer.java:53)
	at org.apache.dubbo.remoting.transport.netty4.NettyClientHandler.userEventTriggered(NettyClientHandler.java:126)
	at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:329)
	at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:315)
	at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:307)
	at io.netty.handler.timeout.IdleStateHandler.channelIdle(IdleStateHandler.java:371)
	at io.netty.handler.timeout.IdleStateHandler$ReaderIdleTimeoutTask.run(IdleStateHandler.java:494)
	at io.netty.handler.timeout.IdleStateHandler$AbstractIdleTask.run(IdleStateHandler.java:466)
	at io.netty.util.concurrent.PromiseTask$RunnableAdapter.call(PromiseTask.java:38)
	at io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:127)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute$$$capture(AbstractEventExecutor.java:163)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:404)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:495)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
	at org.apache.dubbo.common.serialize.protostuff.utils.WrapperUtils.needWrapper(WrapperUtils.java:105)
	at org.apache.dubbo.common.serialize.protostuff.ProtostuffObjectOutput.writeObject(ProtostuffObjectOutput.java:50)
	at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encodeEventData(ExchangeCodec.java:381)
	at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encodeEventData(ExchangeCodec.java:437)
	at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encodeRequest(ExchangeCodec.java:236)
	at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encode(ExchangeCodec.java:69)
	at org.apache.dubbo.rpc.protocol.dubbo.DubboCountCodec.encode(DubboCountCodec.java:38)
	at org.apache.dubbo.remoting.transport.netty4.NettyCodecAdapter$InternalEncoder.encode(NettyCodecAdapter.java:70)
	at io.netty.handler.codec.MessageToByteEncoder.write(MessageToByteEncoder.java:107)
	... 36 more
, result=null], channel: /192.168.200.232:64308 -> /192.168.200.232:20860, dubbo version: 2.7.1-SNAPSHOT, current host: 192.168.200.232

CrazyHZM · 2019-03-25T06:45:01Z

是的，这里应该有判空处理。

CrazyHZM · 2019-03-26T01:59:17Z

Could you please send a pull request?

CrazyHZM · 2019-03-26T06:16:12Z

#3734

* fix: #3727 * style: code tidy up * style: add apache license * fix: #3914 protostuff serialize java.sql.Timestamp

* fix: apache#3727 * style: code tidy up * style: add apache license * fix: apache#3914 protostuff serialize java.sql.Timestamp

…n method for java.sql.Date #4384 (#4386) * fix: #3727 * style: code tidy up * style: add apache license * fix: #3914 protostuff serialize java.sql.Timestamp * fix: add SqlDateDelegate to fix protostuff custon serialize java.sql.Date fix #4384

…n method for java.sql.Date apache#4384 (apache#4386) * fix: apache#3727 * style: code tidy up * style: add apache license * fix: apache#3914 protostuff serialize java.sql.Timestamp * fix: add SqlDateDelegate to fix protostuff custon serialize java.sql.Date fix apache#4384

fitzf added a commit to fitzf/dubbo that referenced this issue Mar 26, 2019

fix: apache#3727

d936541

CrazyHZM closed this as completed in a6c8835 Mar 26, 2019

CrazyHZM pushed a commit that referenced this issue Apr 24, 2019

[Dubbo-3914]Fix protostuff serialize java.sql.Timestamp (#3915)

9b11b7a

* fix: #3727 * style: code tidy up * style: add apache license * fix: #3914 protostuff serialize java.sql.Timestamp

cvictory added this to the 2.7.2 milestone May 28, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

使用protostuff序列化event request未对data进行空安全检查 #3727

使用protostuff序列化event request未对data进行空安全检查 #3727

fitzf commented Mar 25, 2019 •

edited

fitzf commented Mar 25, 2019

CrazyHZM commented Mar 25, 2019

CrazyHZM commented Mar 26, 2019

CrazyHZM commented Mar 26, 2019

使用protostuff序列化event request未对data进行空安全检查 #3727

使用protostuff序列化event request未对data进行空安全检查 #3727

Comments

fitzf commented Mar 25, 2019 • edited

fitzf commented Mar 25, 2019

CrazyHZM commented Mar 25, 2019

CrazyHZM commented Mar 26, 2019

CrazyHZM commented Mar 26, 2019

fitzf commented Mar 25, 2019 •

edited