This repository has been archived by the owner on Oct 23, 2024. It is now read-only.

Too many fields cause deserialization to fail #4409

Open
Iamxf opened this issue Jun 9, 2023 · 0 comments

Iamxf commented Jun 9, 2023

fastjson version: 1.2.83

When the class xxx.java has too many fields, executing JSON.toJavaObject(JSON.parseObject(a), xxx.class) fails with:

```
java.lang.VerifyError: (class: com/alibaba/fastjson/parser/deserializer/FastjsonASMDeserializer_1_xxx, method: deserialze signature: (Lcom/alibaba/fastjson/parser/DefaultJSONParser;Ljava/lang/reflect/Type;Ljava/lang/Object;I)Ljava/lang/Object;) Register 5 contains wrong type
	at java.base/java.lang.Class.getDeclaredConstructors0(Native Method)
	at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3137)
	at java.base/java.lang.Class.getConstructor0(Class.java:3342)
	at java.base/java.lang.Class.getConstructor(Class.java:2151)
	at com.alibaba.fastjson.parser.deserializer.ASMDeserializerFactory.createJavaBeanDeserializer(ASMDeserializerFactory.java:87)
	at com.alibaba.fastjson.parser.ParserConfig.createJavaBeanDeserializer(ParserConfig.java:1073)
	at com.alibaba.fastjson.parser.ParserConfig.getDeserializer(ParserConfig.java:879)
	at com.alibaba.fastjson.parser.ParserConfig.getDeserializer(ParserConfig.java:584)
	at com.alibaba.fastjson.util.TypeUtils.castToJavaBean(TypeUtils.java:1559)
	at com.alibaba.fastjson.util.TypeUtils.cast(TypeUtils.java:1127)
	at com.alibaba.fastjson.JSON.toJavaObject(JSON.java:1236)
```

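After stepping through with a debugger, I found that when execution reaches the line mw.visitIincInsn(context.var("i"), 1) in com.alibaba.fastjson.parser.deserializer.ASMDeserializerFactory#_deserialze_list_obj, the value of context.var("i") is 261. In the generated class this should be ++var261, but visitIincInsn internally casts context.var("i") to byte, and (byte)261=5, so this line actually becomes ++var5, which causes the error above.

But the code actually also has logic to support context.var("i") exceeding the byte range, which seems to have been commented out?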

```java
    public void visitIincInsn(final int var, final int increment) {
        // adds the instruction to the bytecode of the method
//        if ((var > 255) || (increment > 127) || (increment < -128)) {
//            code.putByte(196 /* WIDE */).put12(Opcodes.IINC, var).putShort(increment);
//        } else {
            code.putByte(132 /* Opcodes.IINC*/ ).put11(var, increment);
//        }
    }

    ByteVector put11(final int b1, final int b2) {
        int length = this.length;
        if (length + 2 > data.length) {
            enlarge(2);
        }
        final byte[] data = this.data;
        data[length++] = (byte) b1;
        data[length++] = (byte) b2;
        this.length = length;
        return this;
    }
```
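The truncation described in this issue can be reproduced without fastjson. The following is an added example, not code from the issue or from the fastjson project; the class and method names (`IincEncoding`, `encodeNarrowOnly`, `encode`, `decodeVar`) are hypothetical. It encodes `iinc` for local 261 with the narrow-only path and with the `WIDE` prefix, then reads back the local index each encoding refers to.

```java
import java.io.ByteArrayOutputStream;

public class IincEncoding {
    static final int IINC = 132; // 0x84, operands: 1-byte index, 1-byte constant
    static final int WIDE = 196; // 0xC4, prefix that widens both operands to 2 bytes

    // Narrow-only emitter: same effect as the put11 path quoted in the issue.
    static byte[] encodeNarrowOnly(int var, int increment) {
        return new byte[] {(byte) IINC, (byte) var, (byte) increment};
    }

    // Emitter that switches to the WIDE form when an operand does not fit in a byte.
    static byte[] encode(int var, int increment) {
        if (var < 0 || var > 0xFFFF
                || increment < Short.MIN_VALUE || increment > Short.MAX_VALUE) {
            throw new IllegalArgumentException("operand out of range for iinc");
        }
        if (var <= 255 && increment >= Byte.MIN_VALUE && increment <= Byte.MAX_VALUE) {
            return encodeNarrowOnly(var, increment);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(WIDE);
        out.write(IINC);
        out.write(var >>> 8);      // index, high byte
        out.write(var);            // index, low byte
        out.write(increment >> 8); // constant, high byte
        out.write(increment);      // constant, low byte
        return out.toByteArray();
    }

    // Local variable index that a class-file reader sees in the encoded instruction.
    static int decodeVar(byte[] insn) {
        if ((insn[0] & 0xFF) == WIDE) {
            return ((insn[2] & 0xFF) << 8) | (insn[3] & 0xFF);
        }
        return insn[1] & 0xFF;
    }

    public static void main(String[] args) {
        // Constructed sample indices: one small, the largest narrow one, and the 261 from the issue.
        for (int var : new int[] {5, 255, 261}) {
            byte[] narrow = encodeNarrowOnly(var, 1);
            byte[] wide = encode(var, 1);
            System.out.printf("var %d: narrow-only -> local %d (%d bytes), with WIDE -> local %d (%d bytes)%n",
                    var, decodeVar(narrow), narrow.length, decodeVar(wide), wide.length);
        }
    }
}
```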