Validation of readResolve() result

Validation of readResolve() result

Roy Zahor

Hi,

I would like to suggest a small fix that would check that the result of a readResolve() call is not null.

While developing with XStream, I forgot to return the object in my readResolve() implementation, and the unmarshaling process continued without throwing any exception, resulting in a null object. It took me several hours to understand that the cause for a null object is my wrong readResolve() implementation. In this case I recommend throwing a descriptive exception that will help the developer to understand that something is wrong with their readResolve() implementation instead of returning a null object.

The suggested fix is to replace line 66 in SerializationMethodInvoker from:

                    return readResolveMethod.invoke(result);

to:

                    Object invokeResult = readResolveMethod.invoke(result);

                    if (invokeResult == null)

                       throw new ObjectAccessException(resultType.getName()  + ".readResolve() returned null");

                    return invokeResult;
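
Review bot: the new "if (invokeResult == null)" branch treats every null result as an error, so a class whose readResolve() resolves to null on purpose would stop unmarshaling once this is applied; that behaviour change should be stated in the issue. No test for the new branch is shown either: add a unit test with a class that returns null from readResolve() and assert that ObjectAccessException is thrown with the "<type>.readResolve() returned null" message. The single-statement if would also be safer with braces around the throw.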

 

Attached please find SVN patch file. I have run all unit tests and they completed successfully after applying this fix.

Regards,

Roy Zahor



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

Attachment: SerializationMethodInvoker.java.patch (1K)

Re: Validation of readResolve() result

Jörg Schaible-4
Hi Roy,

Roy Zahor wrote:

> Hi,
>
> I would like to suggest a small fix that would check that the result of a
> readResolve() call is not null.
>
> While developing with XStream, I forgot to return the object in my
> readResolve() implementation, and the unmarshaling process continued
> without throwing any exception, resulting in a null object. It took me
> several hours to understand that the cause for a null object is my wrong
> readResolve() implementation. In this case I recommend throwing a
> descriptive exception that will help the developer to understand that
> something is wrong with their readResolve() implementation instead of
> returning a null object.
>
> The suggested fix is to replace line 66 in SerializationMethodInvoker
> from:
>
>                     return readResolveMethod.invoke(result);
> to:
>                     Object invokeResult =
>                     readResolveMethod.invoke(result); if (invokeResult ==
>                     null)
>                        throw new
>                        ObjectAccessException(resultType.getName()  +
>                        ".readResolve() returned null");
>                     return invokeResult;
>
> Attached please find SVN patch file. I have run all unit tests and they
> completed successfully after applying this fix.

Thanks for the feedback and the patch, but can you please raise an issue at
jira.codehaus.org/browse/XStream to ensure that the patch does not get lost?

You can open an account at xircles.codehaus.org (simple email account is
*not* enough). It may take some moments until your new account is available
in Jira then.

Thanks,
Jörg



Re: Validation of readResolve() result

Roy Zahor
Done
http://jira.codehaus.org/browse/XSTR-764


-----Original Message-----
From: Jörg Schaible [mailto:[hidden email]]
Sent: Monday, December 08, 2014 3:27 PM
To: [hidden email]
Subject: [xstream-dev] Re: Validation of readResolve() result

Hi Roy,

Roy Zahor wrote:

> Hi,
>
> I would like to suggest a small fix that would check that the result
> of a readResolve() call is not null.
>
> While developing with XStream, I forgot to return the object in my
> readResolve() implementation, and the unmarshaling process continued
> without throwing any exception, resulting in a null object. It took
> me several hours to understand that the cause for a null object is my
> wrong readResolve() implementation. In this case I recommend throwing a
> descriptive exception that will help the developer to understand that
> something is wrong with their readResolve() implementation instead of
> returning a null object.
>
> The suggested fix is to replace line 66 in SerializationMethodInvoker
> from:
>
>                     return readResolveMethod.invoke(result);
> to:
>                     Object invokeResult =
>                     readResolveMethod.invoke(result); if (invokeResult ==
>                     null)
>                        throw new
>                        ObjectAccessException(resultType.getName()  +
>                        ".readResolve() returned null");
>                     return invokeResult;
>
> Attached please find SVN patch file. I have run all unit tests and
> they completed successfully after applying this fix.

Thanks for the feedback and the patch, but can you please raise an issue at jira.codehaus.org/browse/XStream to ensure that the patch does not get lost?

You can open an account at xircles.codehaus.org (simple email account is
*not* enough). It may take some moments until your new account is available in Jira then.

Thanks,
Jörg

