You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If we call this endpoint on browser with GET call without any parameters, we land into DefaultEndpointProcessor and get
{"error":"invalid_request"}
as expected.
However on a second call with the same invalid request causes a NPE (stack trace enabled by <transport printStackTrace="true"/>):
java.lang.NullPointerException
at java.base/java.lang.System.arraycopy(Native Method)
at com.fasterxml.jackson.core.json.UTF8JsonGenerator._writeBytes(UTF8JsonGenerator.java:1304)
at com.fasterxml.jackson.core.json.UTF8JsonGenerator._verifyValueWrite(UTF8JsonGenerator.java:1181)
at com.fasterxml.jackson.core.json.UTF8JsonGenerator.writeStartObject(UTF8JsonGenerator.java:380)
at com.predic8.membrane.core.interceptor.oauth2.OAuth2Util.createParameterizedJsonErrorResponse(OAuth2Util.java:55)
at com.predic8.membrane.core.interceptor.oauth2.processors.DefaultEndpointProcessor.process(DefaultEndpointProcessor.java:34)
at com.predic8.membrane.core.interceptor.oauth2.processors.OAuth2Processors.runProcessors(OAuth2Processors.java:35)
at com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor.handleRequest(OAuth2AuthorizationServerInterceptor.java:138)
at com.predic8.membrane.core.interceptor.InterceptorFlowController.invokeRequestHandlers(InterceptorFlowController.java:111)
at com.predic8.membrane.core.interceptor.UserFeatureInterceptor.handleRequest(UserFeatureInterceptor.java:44)
at com.predic8.membrane.core.interceptor.InterceptorFlowController.invokeRequestHandlers(InterceptorFlowController.java:111)
at com.predic8.membrane.core.interceptor.InterceptorFlowController.invokeHandlers(InterceptorFlowController.java:76)
at com.predic8.membrane.core.transport.http.AbstractHttpHandler.invokeHandlers(AbstractHttpHandler.java:61)
at com.predic8.membrane.core.transport.http.HttpServerHandler.process(HttpServerHandler.java:227)
at com.predic8.membrane.core.transport.http.HttpServerHandler.run(HttpServerHandler.java:128)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
I created a Unit Test to reproduce the issue (generation of json2 causes NPE).
I made a quick fix by re-creating the JsonGenerator on resetAndGet call.
If you can find a more fine granular solution without re-creating the JsonGenerator then you can get a better performance for JSON generation.
Hello everyone,
We have the oauth2authserver endpoints under:
https://localhost:8843/auth/
If we call this endpoint on browser with GET call without any parameters, we land into DefaultEndpointProcessor and get
{"error":"invalid_request"}
as expected.
However on a second call with the same invalid request causes a NPE (stack trace enabled by <transport printStackTrace="true"/>):
Reason behind this is UTF8JsonGenerator uses a "_outputBuffer" array internally.
This array is initialized in the Constructor.
https://github.com/FasterXML/jackson-core/blob/jackson-core-2.17.2/src/main/java/com/fasterxml/jackson/core/json/UTF8JsonGenerator.java#L131
or
https://github.com/FasterXML/jackson-core/blob/jackson-core-2.17.2/src/main/java/com/fasterxml/jackson/core/json/UTF8JsonGenerator.java#L164
This array is set to null by UTF8JsonGenerator ._releaseBuffers method after execution of the request.
https://github.com/FasterXML/jackson-core/blob/jackson-core-2.17.2/src/main/java/com/fasterxml/jackson/core/json/UTF8JsonGenerator.java#L1277
on the next call for writeStartObject we get a NPE since the internal buffer is not re-initialized.
The text was updated successfully, but these errors were encountered: