Uploaded image for project: 'JBoss Marshalling'
  1. JBoss Marshalling
  2. JBMAR-240

Missing impl of validation in deSerialization causes memory leak

XMLWordPrintable

    • Hide

      i do not have a small working example... the issue is embedded in a large system.

      however, implementing de-serialization validation callbacks is not an option, plz look at java documentation.

       

      Show
      i do not have a small working example... the issue is embedded in a large system. however, implementing de-serialization validation callbacks is not an option, plz look at java documentation.  
    • Hide

      no simple workaround exists. make the root object class being serialized cloneable?

      Show
      no simple workaround exists. make the root object class being serialized cloneable?
    • Low

      jboss-marshalling/tree/main/api/src/main/java/org/jboss/marshalling/cloner]/SerializingCloner.java

      implements inner class StepObjectInputStream which extends MarshallerObjectInputStream

       

      But registerValidation is not implemented, its an empty function.

       

      It is required that it be implemented, in particular javax.swing.JComponent uses it and builds a static internal table(readObjectCallbacks ) that is only cleared of entries when they are used.

      not allowing JComponent to clear its readObjectCallbacks table results in a memory leak. the more often this is called the bigger the leak. what winds up being leaked are instances of SerializingCloner and its inner class StepObjectInputStream.

      a close review of the java std implementation of ObjectInputStream will show what steps are required to implement a fix.

      i've attached a screen shot of the heap memory analyzer output. notice that there is a static table that is taking up over 300MB of space in the JComponent class, named readObjectCallbacks, it has 22K entries, each one of which has as a key the SerializingCloner's inner class StepObjectInputStream object.

              Unassigned Unassigned
              mitch.bass@probussys.com mitch bass (Inactive)
              David Lloyd (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: