sablevm-developer

[Sablevm-developer] Deserialization of arrays of objects.

[James D. <jd...@ny...>]

I ran into a bug in SableVM v1.0.9 on February second with
deserialization of objects in arrays.  The bug is still in v1.1.0, so I
thought I'd resend my proposed fix, along with a simple testcase to show
the bug.

Basically, the deserialization code makes an assumption about the length
of the classname in the bytestream that isn't correct for arrays of
objects.

The source code in the attached file, when compiled with Sun's JDK
v1.3.1 throws "java.lang.ClassNotFoundException: Tryit$Inne
   at gnu.java.lang.SystemClassLoader.findClass
(SystemClassLoader.java:79)" when run under SableVM v1.1.0 (Debian
testing).

I haven't tested the following "obvious" diff (I don't have the sources
installed), but it shows what I *think* is the offending line of code. 
I'm sorry that I can't submit a fully tested patch, but I'm tainted
(I've read Sun's source), so this is the closest I dare come.  I'd be
happy to take whatever steps are suggested to help debug this issue,
however.

--- ClassLoader.java    Fri Feb  6 22:45:56 2004
+++ ClassLoader.java-patched    Fri Feb  6 22:46:09 2004
@@ -365,7 +365,7 @@
            
          case 'L':
            {
-             elementName = elementName.substring (1,
elementName.length() -
1);
+             elementName = elementName.substring (1,
elementName.length());
              element = loadClass (elementName, resolve);
            }
            break;

James Damour

Re: [Sablevm-developer] Deserialization of arrays of objects.

[David <db...@cs...>]

On Sun, Mar 14, 2004 at 04:40:29PM -0500, James Damour wrote:
> I ran into a bug in SableVM v1.0.9 on February second with
> deserialization of objects in arrays.  The bug is still in v1.1.0, so I
> thought I'd resend my proposed fix, along with a simple testcase to sho=
w
> the bug.
>=20
> Basically, the deserialization code makes an assumption about the lengt=
h
> of the classname in the bytestream that isn't correct for arrays of
> objects.
>=20
> The source code in the attached file, when compiled with Sun's JDK
> v1.3.1 throws "java.lang.ClassNotFoundException: Tryit$Inne
>    at gnu.java.lang.SystemClassLoader.findClass
> (SystemClassLoader.java:79)" when run under SableVM v1.1.0 (Debian
> testing).
>=20
> I haven't tested the following "obvious" diff (I don't have the sources
> installed), but it shows what I *think* is the offending line of code.=20
> I'm sorry that I can't submit a fully tested patch, but I'm tainted
> (I've read Sun's source), so this is the closest I dare come.  I'd be
> happy to take whatever steps are suggested to help debug this issue,
> however.
>=20
> --- ClassLoader.java    Fri Feb  6 22:45:56 2004
> +++ ClassLoader.java-patched    Fri Feb  6 22:46:09 2004
> @@ -365,7 +365,7 @@
>            =20
>           case 'L':
>             {
> -             elementName =3D elementName.substring (1,
> elementName.length() -
> 1);
> +             elementName =3D elementName.substring (1,
> elementName.length());
>               element =3D loadClass (elementName, resolve);
>             }
>             break;
>=20
> James Damour
>=20

Hi,

Thanks for your time of resending this bug report.

This bug is actually not located in this class, the -1 is necessary
to remove the ending ';' for the element array name "[Tryit$Inner;".

However, due to one bug in the reflection code I wrote, the ; was
getting removed for array types and this method was receiving
incorrectly "[Tryit$Inner" from time to time.

I am currently testing a fix for this bug.  I found a few more bugs
with your example.

I will look into it and report later.


David

---

David B=E9langer
Graduate Student
School of Computer Science
McGill University
Office: MC226

Web page:   http://www.cs.mcgill.ca/~dbelan2/
Public key: http://www.cs.mcgill.ca/~dbelan2/public_key.txt

Re: [Sablevm-developer] Deserialization of arrays of objects.

[David <db...@cs...>]

On Sun, Mar 14, 2004 at 04:40:29PM -0500, James Damour wrote:
>=20
> The source code in the attached file, when compiled with Sun's JDK
> v1.3.1 throws "java.lang.ClassNotFoundException: Tryit$Inne
>    at gnu.java.lang.SystemClassLoader.findClass
> (SystemClassLoader.java:79)" when run under SableVM v1.1.0 (Debian
> testing).
>=20

Hi James,

This bug as well as a few others concerning reflection on array class
types have been fixed in SableVM/staging and will probably made their
way into next SableVM release 1.1.1 that will be available some time
this week.

I can run your sample code and the output is below.  Note that I get
warning about some files.  I don't know much about these missing files
warnings.  I guess SableVM would need to provide these some day.

--------------------
Before serialization
Value #0 : 0
Value #1 : 1
Value #2 : 2
Value #3 : 3
Value #4 : 4
Value #5 : 5
Value #6 : 6
Value #7 : 7
Value #8 : 8
Value #9 : 9
WARNING: could not properly read security provider files:
         file:///home/david/local/sablevm-jit/lib/security/SableVM.securi=
ty
         file:///home/david/local/sablevm-jit/lib/security/classpath.secu=
rity
         Falling back to standard GNU security provider
After serialization
Value #0 : 0
Value #1 : 1
Value #2 : 2
Value #3 : 3
Value #4 : 4
Value #5 : 5
Value #6 : 6
Value #7 : 7
Value #8 : 8
Value #9 : 9
--------------


David

---

David B=E9langer
Graduate Student
School of Computer Science
McGill University
Office: MC226

Web page:   http://www.cs.mcgill.ca/~dbelan2/
Public key: http://www.cs.mcgill.ca/~dbelan2/public_key.txt