Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ReusableJsonGenerator causes NPE on the second call for invalid calls. #1346

Open
precoder opened this issue Nov 18, 2024 · 1 comment
Open

Comments

@precoder
Copy link
Contributor

Hello everyone,

We have the oauth2authserver endpoints under:
https://localhost:8843/auth/

If we call this endpoint on browser with GET call without any parameters, we land into DefaultEndpointProcessor and get
{"error":"invalid_request"}
as expected.

However on a second call with the same invalid request causes a NPE (stack trace enabled by <transport printStackTrace="true"/>):

java.lang.NullPointerException
	at java.base/java.lang.System.arraycopy(Native Method)
	at com.fasterxml.jackson.core.json.UTF8JsonGenerator._writeBytes(UTF8JsonGenerator.java:1304)
	at com.fasterxml.jackson.core.json.UTF8JsonGenerator._verifyValueWrite(UTF8JsonGenerator.java:1181)
	at com.fasterxml.jackson.core.json.UTF8JsonGenerator.writeStartObject(UTF8JsonGenerator.java:380)
	at com.predic8.membrane.core.interceptor.oauth2.OAuth2Util.createParameterizedJsonErrorResponse(OAuth2Util.java:55)
	at com.predic8.membrane.core.interceptor.oauth2.processors.DefaultEndpointProcessor.process(DefaultEndpointProcessor.java:34)
	at com.predic8.membrane.core.interceptor.oauth2.processors.OAuth2Processors.runProcessors(OAuth2Processors.java:35)
	at com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor.handleRequest(OAuth2AuthorizationServerInterceptor.java:138)
	at com.predic8.membrane.core.interceptor.InterceptorFlowController.invokeRequestHandlers(InterceptorFlowController.java:111)
	at com.predic8.membrane.core.interceptor.UserFeatureInterceptor.handleRequest(UserFeatureInterceptor.java:44)
	at com.predic8.membrane.core.interceptor.InterceptorFlowController.invokeRequestHandlers(InterceptorFlowController.java:111)
	at com.predic8.membrane.core.interceptor.InterceptorFlowController.invokeHandlers(InterceptorFlowController.java:76)
	at com.predic8.membrane.core.transport.http.AbstractHttpHandler.invokeHandlers(AbstractHttpHandler.java:61)
	at com.predic8.membrane.core.transport.http.HttpServerHandler.process(HttpServerHandler.java:227)
	at com.predic8.membrane.core.transport.http.HttpServerHandler.run(HttpServerHandler.java:128)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:840)

Reason behind this is UTF8JsonGenerator uses a "_outputBuffer" array internally.
This array is initialized in the Constructor.
https://github.com/FasterXML/jackson-core/blob/jackson-core-2.17.2/src/main/java/com/fasterxml/jackson/core/json/UTF8JsonGenerator.java#L131
or
https://github.com/FasterXML/jackson-core/blob/jackson-core-2.17.2/src/main/java/com/fasterxml/jackson/core/json/UTF8JsonGenerator.java#L164

This array is set to null by UTF8JsonGenerator ._releaseBuffers method after execution of the request.
https://github.com/FasterXML/jackson-core/blob/jackson-core-2.17.2/src/main/java/com/fasterxml/jackson/core/json/UTF8JsonGenerator.java#L1277

on the next call for writeStartObject we get a NPE since the internal buffer is not re-initialized.

precoder pushed a commit to precoder/service-proxy that referenced this issue Nov 18, 2024
@precoder
Copy link
Contributor Author

I created a Unit Test to reproduce the issue (generation of json2 causes NPE).
I made a quick fix by re-creating the JsonGenerator on resetAndGet call.
If you can find a more fine granular solution without re-creating the JsonGenerator then you can get a better performance for JSON generation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant