Skip to content

A JSON serialization exception can lead to corrupted output being written to the OutputStream of the response. #33358

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
light0x00 opened this issue Aug 9, 2024 · 1 comment
Closed

A JSON serialization exception can lead to corrupted output being written to the OutputStream of the response. #33358

light0x00 opened this issue Aug 9, 2024 · 1 comment
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: duplicate A duplicate of another issue

Comments

@light0x00
Copy link

light0x00 commented Aug 9, 2024
edited
Loading

Affects: 5.3.31

Happening in the phrase of writing object returned by endpoint(controller method) to the OutputStream of response body.

image

When the ObjectWriter#writeValue(JsonGenerator g, Object value) throw exception, eg: due to a null key of HashMap:

image

In such case, theObjectWriter#close method will be called( invoke by the try-resources statement), it will write the intermediate corrupted result to the OutputStream.

image

Whereafter, the DispatcherServlet#processDispatchResult method will trigger HandlerExceptionResolver, which will cause a secondary writing.

image

Stand in the perspective of the client, a corrupted response they will get.

{"success":true,"data":{}}{"success":false}

The {"success":true,"data":{}} written by ObjectWriter#close, and the {"success":false} written by HandlerExceptionResolver.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Aug 9, 2024
@light0x00 light0x00 changed the title Json Json serialization exception cause a corrupted result to the OutputStream of response. Aug 9, 2024
@light0x00 light0x00 changed the title Json serialization exception cause a corrupted result to the OutputStream of response. Json serialization exception cause a corrupted result writting to the OutputStream of response. Aug 9, 2024
@light0x00 light0x00 changed the title Json serialization exception cause a corrupted result writting to the OutputStream of response. A JSON serialization exception can lead to corrupted output being written to the OutputStream of the response. Aug 9, 2024
@bclozel
Copy link
Member

bclozel commented Aug 9, 2024

This is a known behavior - once the response is written to, there is no strong guarantee that we can reset it to write the payload contributed by error handlers.

We improved this in #31104, but unfortunately we cannot backport this change so late in the 5.3.x generation. Please consider upgrading to a newer version of Spring Framework.

@bclozel bclozel closed this as not planned Won't fix, can't repro, duplicate, stale Aug 9, 2024
@bclozel bclozel added status: duplicate A duplicate of another issue in: web Issues in web modules (web, webmvc, webflux, websocket) and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Aug 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bclozel @spring-projects-issues @light0x00