#210 fix hessian JavaDeserializer constructor(null...) NPE

takeseem · takeseem · commit d1890d5d89cf · 2018-04-15T10:31:47.000+08:00
Example: org.springframework.jdbc.UncategorizedSQLException

com.alibaba.com.caucho.hessian.io.HessianProtocolException:
'com.alibaba.com.caucho.hessian.io.beans.ConstructNPE' could not be
instantiated
	at com.alibaba.com.caucho.hessian.io.JavaDeserializer.instantiate(JavaDeserializer.java:313)

Caused by: java.lang.reflect.InvocationTargetException
	at com.alibaba.com.caucho.hessian.io.JavaDeserializer.instantiate(JavaDeserializer.java:309)
Caused by: java.lang.NullPointerException
	at com.alibaba.com.caucho.hessian.io.beans.ConstructNPE.&lt;init&gt;(ConstructNPE.java:15)
diff --git a/hessian-lite/src/main/java/com/alibaba/com/caucho/hessian/io/JavaDeserializer.java b/hessian-lite/src/main/java/com/alibaba/com/caucho/hessian/io/JavaDeserializer.java
@@ -69,6 +69,7 @@ public class JavaDeserializer extends AbstractMapDeserializer {
     private Method _readResolve;
     private Constructor _constructor;
     private Object[] _constructorArgs;
+    private boolean compatibleConstructNPE = true;
 
     public JavaDeserializer(Class cl) {
         _type = cl;
@@ -301,15 +302,51 @@ private Object resolve(Object obj)
     protected Object instantiate()
             throws Exception {
         try {
-            if (_constructor != null)
-                return _constructor.newInstance(_constructorArgs);
-            else
-                return _type.newInstance();
+            return _constructor == null ? _type.newInstance() : construct();
         } catch (Exception e) {
             throw new HessianProtocolException("'" + _type.getName() + "' could not be instantiated", e);
         }
     }
 
+    @SuppressWarnings({ "rawtypes", "unchecked" })
+    protected Object construct() throws Exception {
+        InvocationTargetException ex;
+        try {
+            return _constructor.newInstance(_constructorArgs);
+        } catch (InvocationTargetException e) {
+            if (!compatibleConstructNPE) throw e;
+
+            if (e.getTargetException() instanceof NullPointerException) {
+                ex = e;
+            } else {
+                throw e;
+            }
+        }
+
+        Class[] types = _constructor.getParameterTypes();
+        Object[] args = new Object[types.length];
+        System.arraycopy(_constructorArgs, 0, args, 0, types.length);
+        try {
+            for (int i = 0; i < types.length; i++) {
+                if (args[i] == null) {
+                    try {
+                        Constructor ctor = types[i].getDeclaredConstructor(new Class[0]);
+                        if (!ctor.isAccessible()) ctor.setAccessible(true);
+                        args[i] = ctor.newInstance(new Object[0]);
+                    } catch (Exception e) {
+                    }
+                }
+            }
+            Object ret = _constructor.newInstance(args);
+            _constructorArgs = args;
+            return ret;
+        } catch (Throwable t) {
+        }
+
+        compatibleConstructNPE = false;
+        throw ex;
+    }
+
     /**
      * Creates a map of the classes fields.
      */
diff --git a/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/JavaDeserializerTest.java b/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/JavaDeserializerTest.java
@@ -0,0 +1,77 @@
+package com.alibaba.com.caucho.hessian.io;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.fail;
+
+import java.lang.reflect.InvocationTargetException;
+import java.sql.SQLException;
+
+import org.junit.Test;
+
+import com.alibaba.com.caucho.hessian.io.base.SerializeTestBase;
+import com.alibaba.com.caucho.hessian.io.beans.ConstructAlwaysNPE;
+import com.alibaba.com.caucho.hessian.io.beans.ConstructNPE;
+
+public class JavaDeserializerTest extends SerializeTestBase {
+
+    /**
+     * <a href="https://github.com/apache/incubator-dubbo/issues/210">#210</a>
+     * @see org.springframework.jdbc.UncategorizedSQLException
+     */
+    @Test
+    public void testConstructorNPE() throws Exception {
+        String sql = "select * from demo";
+        SQLException sqlEx = new SQLException("just a sql exception");
+
+        for (int repeat = 0; repeat < 2; repeat++) {
+            ConstructNPE normalNPE = new ConstructNPE("junit", sql, sqlEx);
+            assertDesEquals(normalNPE, baseHession2Serialize(normalNPE));
+            assertCompatibleConstructNPE(factory.getDeserializer(normalNPE.getClass()), true);
+
+            assertDesEquals(normalNPE, baseHessionSerialize(normalNPE));
+            assertCompatibleConstructNPE(factory.getDeserializer(normalNPE.getClass()), true);
+
+
+            ConstructAlwaysNPE alwaysNPE = new ConstructAlwaysNPE("junit", sql, sqlEx);
+            try {
+                baseHession2Serialize(alwaysNPE);
+                fail("must be always throw NullPointerException");
+            } catch (HessianProtocolException e) {
+                assertEquals(InvocationTargetException.class, e.getCause().getClass());
+                assertEquals(NullPointerException.class, e.getCause().getCause().getClass());
+            }
+            assertCompatibleConstructNPE(factory.getDeserializer(alwaysNPE.getClass()), false);
+
+            try {
+                baseHessionSerialize(alwaysNPE);
+                fail("must be always throw NullPointerException");
+            } catch (HessianProtocolException e) {
+                assertEquals(InvocationTargetException.class, e.getCause().getClass());
+                assertEquals(NullPointerException.class, e.getCause().getCause().getClass());
+            }
+            assertCompatibleConstructNPE(factory.getDeserializer(alwaysNPE.getClass()), false);
+        }
+    }
+
+    private void assertDesEquals(ConstructNPE expected, ConstructNPE actual) {
+        assertEquals(expected.getMessage(), actual.getMessage());
+        assertEquals(expected.getCause().getClass(), actual.getCause().getClass());
+        assertEquals(expected.getSql(), actual.getSql());
+    }
+
+    private void assertCompatibleConstructNPE(Deserializer deserializer, boolean compatible) throws Exception {
+        assertEquals(JavaDeserializer.class, deserializer.getClass());
+        assertEquals(compatible, getFieldValue(deserializer, "compatibleConstructNPE"));
+        Object[] args = (Object[]) getFieldValue(deserializer, "_constructorArgs");
+        for (int i = 0; i < args.length; i++) {
+            if (compatible) {
+                assertNotNull(args[i]);
+            } else {
+                assertNull(args[i]);
+            }
+        }
+    }
+
+}
diff --git a/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/base/SerializeTestBase.java b/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/base/SerializeTestBase.java
@@ -4,16 +4,20 @@
 import com.alibaba.com.caucho.hessian.io.Hessian2Output;
 import com.alibaba.com.caucho.hessian.io.HessianInput;
 import com.alibaba.com.caucho.hessian.io.HessianOutput;
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.lang.reflect.Field;
 
 /**
  * hession base serialize utils
  *
  */
 public class SerializeTestBase {
+    protected SerializerFactory factory = new SerializerFactory();
+
     /**
      * hession serialize util
      *
@@ -22,6 +26,7 @@ public class SerializeTestBase {
      * @return
      * @throws IOException
      */
+    @SuppressWarnings("unchecked")
     protected <T> T baseHessionSerialize(T data) throws IOException {
         ByteArrayOutputStream bout = new ByteArrayOutputStream();
         HessianOutput out = new HessianOutput(bout);
@@ -31,6 +36,7 @@ protected <T> T baseHessionSerialize(T data) throws IOException {
 
         ByteArrayInputStream bin = new ByteArrayInputStream(bout.toByteArray());
         HessianInput input = new HessianInput(bin);
+        input.setSerializerFactory(factory);
         return (T) input.readObject();
     }
 
@@ -42,6 +48,7 @@ protected <T> T baseHessionSerialize(T data) throws IOException {
      * @return
      * @throws IOException
      */
+    @SuppressWarnings("unchecked")
     protected <T> T baseHession2Serialize(T data) throws IOException {
         ByteArrayOutputStream bout = new ByteArrayOutputStream();
         Hessian2Output out = new Hessian2Output(bout);
@@ -51,6 +58,14 @@ protected <T> T baseHession2Serialize(T data) throws IOException {
 
         ByteArrayInputStream bin = new ByteArrayInputStream(bout.toByteArray());
         Hessian2Input input = new Hessian2Input(bin);
+        input.setSerializerFactory(factory);
         return (T) input.readObject();
     }
+
+    @SuppressWarnings("unchecked")
+    protected <T> T getFieldValue(Object bean, String fieldName) throws Exception {
+        Field field = bean.getClass().getDeclaredField(fieldName);
+        if (!field.isAccessible()) field.setAccessible(true);
+        return (T) field.get(bean);
+    }
 }
diff --git a/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/beans/ConstructAlwaysNPE.java b/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/beans/ConstructAlwaysNPE.java
@@ -0,0 +1,26 @@
+package com.alibaba.com.caucho.hessian.io.beans;
+
+import java.sql.SQLException;
+
+/**
+ * <a href="https://github.com/apache/incubator-dubbo/issues/210">#210</a>
+ */
+public class ConstructAlwaysNPE extends RuntimeException {
+    private static final long serialVersionUID = 1L;
+    private final String sql;
+
+    public ConstructAlwaysNPE(String task, String sql, SQLException ex) {
+        super(task + "; uncategorized SQLException for SQL [" + sql + "]; SQL state [" +
+                ex.getSQLState() + "]; error code [" + ex.getErrorCode() + "]; " + ex.getMessage(), ex);
+        if (sql.length() == 0) throw new NullPointerException("sql=" + sql);
+        this.sql = sql;
+    }
+
+    public SQLException getSQLException() {
+        return (SQLException) getCause();
+    }
+
+    public String getSql() {
+        return this.sql;
+    }
+}
diff --git a/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/beans/ConstructNPE.java b/hessian-lite/src/test/java/com/alibaba/com/caucho/hessian/io/beans/ConstructNPE.java
@@ -0,0 +1,26 @@
+package com.alibaba.com.caucho.hessian.io.beans;
+
+import java.sql.SQLException;
+
+/**
+ * <a href="https://github.com/apache/incubator-dubbo/issues/210">#210</a>
+ * @see org.springframework.jdbc.UncategorizedSQLException
+ */
+public class ConstructNPE extends RuntimeException {
+    private static final long serialVersionUID = 1L;
+    private final String sql;
+
+    public ConstructNPE(String task, String sql, SQLException ex) {
+        super(task + "; uncategorized SQLException for SQL [" + sql + "]; SQL state [" +
+                ex.getSQLState() + "]; error code [" + ex.getErrorCode() + "]; " + ex.getMessage(), ex);
+        this.sql = sql;
+    }
+
+    public SQLException getSQLException() {
+        return (SQLException) getCause();
+    }
+
+    public String getSql() {
+        return this.sql;
+    }
+}
