A JSON serialization exception can lead to corrupted output being written to the OutputStream of the response.

[light0x00]

Affects: 5.3.31

Happening in the phrase of writing object returned by endpoint(controller method) to the OutputStream of response body.

When the ObjectWriter#writeValue(JsonGenerator g, Object value) throw exception, eg: due to a null key of HashMap:

In such case, theObjectWriter#close method will be called( invoke by the try-resources statement), it will write the intermediate corrupted result to the OutputStream.

Whereafter, the DispatcherServlet#processDispatchResult method will trigger HandlerExceptionResolver, which will cause a secondary writing.

Stand in the perspective of the client, a corrupted response they will get.

{"success":true,"data":{}}{"success":false}

The {"success":true,"data":{}} written by ObjectWriter#close, and the {"success":false} written by HandlerExceptionResolver.

[bclozel]

This is a known behavior - once the response is written to, there is no strong guarantee that we can reset it to write the payload contributed by error handlers.

We improved this in #31104, but unfortunately we cannot backport this change so late in the 5.3.x generation. Please consider upgrading to a newer version of Spring Framework.