[BUG] fastjson2: array index out of bounds or data loss when deserializing list objects that have reference relationships #2148

Closed
zhuangdeshuai opened this issue Jan 3, 2024 · 2 comments
Labels
bug Something isn't working fixed

@zhuangdeshuai
Contributor

Problem description

Briefly describe the problem you encountered.
When fastjson2 deserializes list objects that have reference relationships, it hits an array index out of bounds error or loses data.

```
Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 4, Size: 2
    at java.util.ArrayList.rangeCheck(ArrayList.java:657)
    at java.util.ArrayList.set(ArrayList.java:448)
    at com.alibaba.fastjson2.JSONReader.handleResolveTasks(JSONReader.java:454)
    at com.alibaba.fastjson2.JSONB.parseObject(JSONB.java:544)
```

Environment information

Please fill in the following information:

  • OS information: [e.g.: CentOS 8.4.2105 4Core 3.10GHz 16 GB]
  • JDK information: [e.g.: Openjdk 1.8.0_312]
  • Version information: [e.g.: Fastjson2 2.0.43]

Steps to reproduce

How to reproduce the problem:

  1. Use the method com.alibaba.fastjson2.JSONB#parseObject(byte[], java.lang.Class<T>, com.alibaba.fastjson2.filter.Filter, com.alibaba.fastjson2.JSONReader.Feature...)
  2. Input the data [{"perPkgId":"id_1","name":"pkg 1","desc":"demo 1","service":"service A","perItems":[{"code":"business_management","name":"business management","desc":"business management","service":"service A"},{"code":"application_management","name":"application management","desc":"application management","service":"service A"},{"code":"flow_role_permission_management","name":"flow role permission management","desc":"flow role permission management","service":"service A"}]},{"perPkgId":"id_2","name":"pkg 2","desc":"demo 2","service":"service A","perItems":[{"code":"business_management","name":"business management","desc":"business management","service":"service A"},{"code":"application_management","name":"application management","desc":"application management","service":"service A"},{"code":"canvas_role_permission_management","name":"canvas role permission management","desc":"canvas role permission management","service":"service A"},{"code":"canvas_service_authorization","name":"canvas service authorization","desc":"canvas service authorization","service":"service A"},{"code":"flow_role_permission_management","name":"flow role permission management","desc":"flow role permission management","service":"service A"}]}]
  3. The error Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 4, Size: 2 at java.util.ArrayList.rangeCheck(ArrayList.java:657) at java.util.ArrayList.set(ArrayList.java:448) at com.alibaba.fastjson2.JSONReader.handleResolveTasks(JSONReader.java:454) at com.alibaba.fastjson2.JSONB.parseObject(JSONB.java:544) occurs

```java
List<PerPkgResponse> pkgs = new ArrayList<>();

// First package: three items.
PerPkgResponse onePkg = new PerPkgResponse();
onePkg.setPerPkgId("id_1");
onePkg.setDesc("demo 1");
onePkg.setName("pkg 1");
onePkg.setService("service A");

PerItemResponse pkg1Item1 = new PerItemResponse();
pkg1Item1.setCode(PermissionEnum.BUSINESS_MANAGEMENT);
pkg1Item1.setDesc("business management");
pkg1Item1.setName("business management");
pkg1Item1.setService("service A");

PerItemResponse pkg1Item2 = new PerItemResponse();
pkg1Item2.setCode(PermissionEnum.APPLICATION_MANAGEMENT);
pkg1Item2.setDesc("application management");
pkg1Item2.setName("application management");
pkg1Item2.setService("service A");

PerItemResponse pkg1Item3 = new PerItemResponse();
pkg1Item3.setCode(PermissionEnum.FLOW_ROLE_PERMISSION_MANAGEMENT);
pkg1Item3.setDesc("flow role permission management");
pkg1Item3.setName("flow role permission management");
pkg1Item3.setService("service A");

List<PerItemResponse> pkg1Items = new ArrayList<>();
pkg1Items.add(pkg1Item1);
pkg1Items.add(pkg1Item2);
pkg1Items.add(pkg1Item3);

onePkg.setPerItems(pkg1Items);

// Second package: two new items plus the three item instances shared with the first package.
PerPkgResponse twoPkg = new PerPkgResponse();

twoPkg.setPerPkgId("id_2");
twoPkg.setDesc("demo 2");
twoPkg.setName("pkg 2");
twoPkg.setService("service A");

PerItemResponse pkg2Item1 = new PerItemResponse();
pkg2Item1.setCode(PermissionEnum.CANVAS_ROLE_PERMISSION_MANAGEMENT);
pkg2Item1.setDesc("canvas role permission management");
pkg2Item1.setName("canvas role permission management");
pkg2Item1.setService("service A");

PerItemResponse pkg2Item2 = new PerItemResponse();
pkg2Item2.setCode(PermissionEnum.CANVAS_SERVICE_AUTHORIZATION);
pkg2Item2.setDesc("canvas service authorization");
pkg2Item2.setName("canvas service authorization");
pkg2Item2.setService("service A");

List<PerItemResponse> pkg2Items = new ArrayList<>();
pkg2Items.add(pkg1Item1);   // shared with pkg 1
pkg2Items.add(pkg1Item2);   // shared with pkg 1
pkg2Items.add(pkg2Item1);
pkg2Items.add(pkg2Item2);
pkg2Items.add(pkg1Item3);   // shared with pkg 1

twoPkg.setPerItems(pkg2Items);

pkgs.add(onePkg);
pkgs.add(twoPkg);

// Serialize with ReferenceDetection enabled, so the shared instances are subject to reference handling.
// byte[] bytes = JSONB.toBytes(pkgs);
byte[] bytes = JSONB.toBytes(pkgs, JSONWriter.Feature.WriteClassName,
        JSONWriter.Feature.FieldBased,
        JSONWriter.Feature.ErrorOnNoneSerializable,
        JSONWriter.Feature.ReferenceDetection,
        JSONWriter.Feature.WriteNulls,
        JSONWriter.Feature.NotWriteDefaultValue,
        JSONWriter.Feature.NotWriteHashMapArrayListClassName,
        JSONWriter.Feature.WriteNameAsSymbol);

System.out.println(new String(bytes));

// Deserialize; JSONB.parseObject is the call that appears in the stack trace.
SerializeSecurityManager serializeSecurityManager = new SerializeSecurityManager();
Fastjson2SecurityManager.Handler handler = new Fastjson2SecurityManager.Handler(SerializeCheckStatus.WARN, serializeSecurityManager, true, new String[0], new ConcurrentHashSet<>());
Object val = JSONB.parseObject(bytes, List.class, handler, JSONReader.Feature.UseDefaultConstructorAsPossible,
        JSONReader.Feature.ErrorOnNoneSerializable,
        JSONReader.Feature.IgnoreAutoTypeNotMatch,
        JSONReader.Feature.UseNativeObject,
        JSONReader.Feature.FieldBased);

System.out.println(val);
```

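Expected correct result

A clear and concise description of what you expected to happen.
The data obtained after deserialization should be the same as the original data; what actually happens is an array index out of bounds error.
Also, if pkg2Items.add(pkg1Item3); is deleted from the test code, what actually happens is that pkg2's items are left with only two entries, and two entries are lost.

Relevant log output

Please copy and paste any relevant log output.

Additional information

If you have any other information to provide, you can fill it in here (screenshots, videos, etc. may be provided).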

@zhuangdeshuai zhuangdeshuai added the bug Something isn't working label Jan 3, 2024
@zhuangdeshuai zhuangdeshuai changed the title [BUG] [BUG] fastjson2: array index out of bounds or data loss when deserializing list objects that have reference relationships Jan 3, 2024
@zhuangdeshuai
Contributor Author

The problem is in com.alibaba.fastjson2.JSONReader.java.
Changing list.set(index, fieldValue) on line 454 to list.add(index, fieldValue) is enough.

@wenshao
Member

wenshao commented Jan 7, 2024

https://github.com/alibaba/fastjson2/releases/tag/2.0.45
The problem has been fixed; please use the new version.

@wenshao wenshao closed this as completed Jan 7, 2024
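
A simplified model of the failure mode reported in this issue, as an added example that is not fastjson2's code or the reporter's. It assumes a reader that appends nothing to the list when it meets a back-reference and fills that slot afterwards; `RefResolveModel`, `ResolveTask` and the `$ref:` marker are hypothetical names, and the input is constructed to mirror pkg 2's five items.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Simplified model of deferred reference resolution (hypothetical, not fastjson2 code).
public class RefResolveModel {
    // A deferred reference: slot `index` of the list should end up holding `target`.
    static final class ResolveTask {
        final int index;
        final Object target;
        ResolveTask(int index, Object target) { this.index = index; this.target = target; }
    }
    // Constructed input shaped like pkg 2's five items: "$ref:" entries stand for objects
    // already seen in pkg 1 (indices 0, 1 and 4); the other two are new objects.
    static final String[] WIRE = {
        "$ref:business_management", "$ref:application_management",
        "canvas_role_permission_management", "canvas_service_authorization",
        "$ref:flow_role_permission_management"};

    // Assumed parsing behaviour: a reference appends nothing and is queued for later.
    static List<Object> parse(String[] wire, List<ResolveTask> tasks) {
        List<Object> list = new ArrayList<>();
        for (int i = 0; i < wire.length; i++) {
            if (wire[i].startsWith("$ref:")) tasks.add(new ResolveTask(i, wire[i].substring(5)));
            else list.add(wire[i]);
        }
        return list;
    }
    // useAdd=false models list.set(index, value); useAdd=true models list.add(index, value).
    static String resolve(String[] wire, boolean useAdd) {
        List<ResolveTask> tasks = new ArrayList<>();
        List<Object> list = parse(wire, tasks);
        try {
            for (ResolveTask t : tasks) {
                if (useAdd) list.add(t.index, t.target);
                else list.set(t.index, t.target);
            }
            return list.toString();
        } catch (IndexOutOfBoundsException e) {
            return "failed, list so far " + list + ": " + e.getMessage();
        }
    }
    public static void main(String[] args) {
        System.out.println("set, 5 items: " + resolve(WIRE, false));
        System.out.println("add, 5 items: " + resolve(WIRE, true));
        // Variant from the report: the last shared item (pkg1Item3) is left out.
        System.out.println("set, 4 items: " + resolve(Arrays.copyOf(WIRE, 4), false));
    }
}
```

In this model `set` overwrites the two newly parsed entries and then fails at index 4 of a two-element list, and with four items it silently leaves only two entries. `add` restores all five here only because the tasks are applied in ascending index order.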