JDK-8216331

StreamCorruptedException when deserializing 2nd instance of unknown class

    Details

      Description

      ADDITIONAL SYSTEM INFORMATION :
      Windows 10
      java version "1.8.0_191"
      Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
      Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)
      ---
      Linux: Centos 7.2
      openjdk version "1.8.0_191"
      OpenJDK Runtime Environment (build 1.8.0_191-b12)
      OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)

      A DESCRIPTION OF THE PROBLEM :
      I'm deserializing a stream of objects using the java.io.ObjectInputStream class. Some of the objects are unknown and as such a ClassNotFoundException is thrown. However, when the second instance of an unknown class is received it throws StreamCorruptedException. The unknown class contains a vector which appears to be causing the issue.
      This is a change in behaviour between Java 1.8.0_121 and 1.8.0_181, but I can't be sure when the change occurred. It affects both Oracle and OpenJDK implementations of the JDK.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Run program listed below.


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The above application should throw and catch and report two CNF exceptions.
      ACTUAL -
      The application throws a StreamCorruptedException upon the second in.readObject();

      ---------- BEGIN SOURCE ----------
      import java.io.ByteArrayInputStream;
      import java.io.IOException;
      import java.io.ObjectInputStream;
      import java.util.Base64;
      import org.junit.Test;

      /**
       * This test attempts to deserialise two objects from an object stream where the class definition is not found. The
       * test expects a ClassNotFoundException to be thrown for both reads, but on JDK8_u191 it throws a
       * StreamCorruptedException on the second invocation.
       * Two User objects were created and serialised into a base64 stream. The User class contains a name and a vector of
       * Roles; the Role class contains a single string.
       * e.g.
       *
       * <pre>
       * class User implements Serializable {
       *     private String name;
       *     private Vector<Role> roles = new Vector<Role>();
       *
       *     public static class Role implements Serializable {
       *         public String name;
       *     }
       * }
       * </pre>
       */
      public class ObjectSerizationTest {

          // Two serialised foo.User instances, base64-encoded with embedded line breaks.
          private static String userData = "rO0ABXNyAAhmb28uVXNlct4x7OIM26r7AgACTAAEbmFtZXQAEkxqYXZhL2xhbmcvU3RyaW5nO\r\n"
                  + "0wABXJvbGVzdAASTGphdmEvdXRpbC9WZWN0b3I7eHB0AAVhbGljZXNyABBqYXZhLnV0aWwuVm\r\n"
                  + "VjdG9y2Zd9W4A7rwEDAANJABFjYXBhY2l0eUluY3JlbWVudEkADGVsZW1lbnRDb3VudFsAC2V\r\n"
                  + "sZW1lbnREYXRhdAATW0xqYXZhL2xhbmcvT2JqZWN0O3hwAAAAAAAAAAN1cgATW0xqYXZhLmxh\r\n"
                  + "bmcuT2JqZWN0O5DOWJ8QcylsAgAAeHAAAAAKc3IADWZvby5Vc2VyJFJvbGW+TNaDrbCQhQIAA\r\n"
                  + "UwABG5hbWVxAH4AAXhwdAAGUm9sZSAxc3EAfgAKdAAGUm9sZSAyc3EAfgAKdAAGUm9sZSAzcH\r\n"
                  + "BwcHBwcHhzcQB+AAB0AANib2JzcQB+AAUAAAAAAAAAA3VxAH4ACAAAAApzcQB+AApxAH4ADHN\r\n"
                  + "xAH4ACnEAfgAQc3EAfgAKdAAGUm9sZSA0cHBwcHBwcHg=";

          @Test
          public void deserialiseTest() throws IOException {
              // java.util.Base64 stands in for the reporter's own Base64InputStream
              // (com.saaconsultants.jots.common.file), which is not part of the JDK.
              // The MIME decoder skips the \r\n line breaks embedded in userData.
              ObjectInputStream in =
                      new ObjectInputStream(new ByteArrayInputStream(Base64.getMimeDecoder().decode(userData)));
              // First read: foo.User is not on the classpath.
              try {
                  Object obj = in.readObject();
                  System.out.println("Got: " + obj);
              } catch (ClassNotFoundException cnf) {
                  System.out.println("cnf: " + cnf.getMessage()); // expected
              }
              // Second read from the same stream: the report sees StreamCorruptedException here.
              try {
                  Object obj = in.readObject();
                  System.out.println("Got: " + obj);
              } catch (ClassNotFoundException cnf) {
                  System.out.println("cnf: " + cnf.getMessage()); // expected
              }
          }

          public static void main(String[] args) throws IOException {
              new ObjectSerizationTest().deserialiseTest();
          }
      }

      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      None. Just abort processing the object stream and inform the user that the operation has failed.

      FREQUENCY : always
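
A dependency-free variant of the reproducer, added here as an example and not part of the original report: it builds its own two-object stream in the shape the Javadoc describes and simulates the missing classes by overriding `resolveClass`, then prints what each `readObject()` call does on the JDK it runs on. The names `UnknownClassStreamDemo` and `HidingStream` are assumptions.

```java
import java.io.*;
import java.util.Vector;

public class UnknownClassStreamDemo {
    // Same shape as the User/Role classes sketched in the report's Javadoc.
    static class User implements Serializable {
        String name;
        Vector<Role> roles = new Vector<>();
        User(String name, String... roleNames) {
            this.name = name;
            for (String r : roleNames) roles.add(new Role(r));
        }
        static class Role implements Serializable {
            String name;
            Role(String name) { this.name = name; }
        }
    }

    // Reports the demo's own classes as missing; everything else resolves normally.
    static class HidingStream extends ObjectInputStream {
        HidingStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (desc.getName().startsWith(User.class.getName())) {
                throw new ClassNotFoundException(desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new User("alice", "Role 1", "Role 2", "Role 3"));
            out.writeObject(new User("bob", "Role 1", "Role 2", "Role 4"));
        }
        try (ObjectInputStream in =
                new HidingStream(new ByteArrayInputStream(buf.toByteArray()))) {
            for (int i = 1; i <= 2; i++) {
                try {
                    System.out.println("read " + i + ": got " + in.readObject());
                } catch (ClassNotFoundException | ObjectStreamException e) {
                    System.out.println("read " + i + ": " + e);
                }
            }
        }
    }
}
```

Running it on two JDK builds and comparing the line printed for read 2 shows whether a given build is affected.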


            People

            • Assignee: Roger Riggs (rriggs)
            • Reporter: Webbug Group (webbuggrp)