Skip to content

Comments

Fix InputStream deserialization bug#76

Open
mcck wants to merge 5 commits intoapache:masterfrom
mcck:master
Open

Fix InputStream deserialization bug#76
mcck wants to merge 5 commits intoapache:masterfrom
mcck:master

Conversation

@mcck
Copy link

@mcck mcck commented Oct 30, 2024

@AlbumenJ This code cannot completely solve the problem of deserializing InputStream:Fix input stream unable to being deserialized #14837
The code before modification is:

public Object readObject(AbstractHessianInput in) throws IOException {
    return in.readInputStream();
}

In in.readInputStream(), he only read InputStream of tag, and his data was not read. This will cause an error in the '_offset' when org.apache.dubbo.rpc.protocol.dubbo.DecodeableRpcResult#decode(org.apache.dubbo.remoting.Channel, java.io.InputStream) reads the map in the handleAttachment(in); method, throwing an exception;
So when deserializing InputStream, it is necessary to read its bytes and move _osffet to the correct position.

related issues:方法返回InputStream时expected map/object at java.lang.String异常

mcck added 4 commits October 30, 2024 14:21
反序列化InputStream时需要读取完他的字节,如果不读则在org.apache.dubbo.rpc.protocol.dubbo.DecodeableRpcResult#decode:handleAttachment(in); 抛出expected map/object at java.lang.String异常
Comment on lines 116 to 119
/**
* 测试81920字节,返回 ByteArrayInputStream
* 比缓冲区多10倍字节
*/
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please comment in English

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, it has been modified

@mcck mcck requested a review from AlbumenJ October 31, 2024 03:27
@mcck mcck changed the title 修复InputStream反序列化bug Fix InputStream deserialization bug Oct 31, 2024
Comment on lines +100 to +105
// If the length of InputStream is greater than the buffer, create a temporary file and return it
String name = String.format("%d-%s.dubbo.tmp", System.currentTimeMillis(), UUID.randomUUID().toString().replace("-", ""));
file = new File(tmpDir, name);
// Close the stream in finally
//noinspection resource
out = new FileOutputStream(file);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using temp file in serilalization directly is not a good idea

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants