Polymorphic serialization hangs #179

Closed
ukarlsson opened this issue Sep 2, 2021 · 5 comments
Labels
state:waiting for response Waiting for response from submitter

Comments

@ukarlsson

Hello. Many thanks for this great library. We ran into an issue that is quite strange. The deserialization hangs in this specific case, meaning that the process does not terminate, but uses 100% CPU.

```kotlin
import com.charleskorn.kaml.Yaml
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
import kotlinx.serialization.builtins.ListSerializer

@Serializable
private sealed class K {
    @Serializable
    @SerialName("x")
    data class X(
        val property: List<String>? = null,
    ) : K()
}

const val s = """
- !<x>
"""

fun main() {
    Yaml.default.decodeFromString(ListSerializer(K.serializer()), s)
}
```

This is what I see when I pause and enter the debugger:

image

@charleskorn
Owner

Thanks for the bug report @ukarlsson. Are you able to share a sample project that triggers this issue?

If not, could you please share what version of kaml, Kotlin and kotlinx.serialization you're using?

@charleskorn charleskorn added the state:waiting for response Waiting for response from submitter label Sep 4, 2021
@ukarlsson
Author

Latest versions that I could find. I attached the project.

kaml-bug.tar.gz

@charleskorn
Owner

Thanks for the sample project.

I've been able to reproduce the issue, and slightly simplify the scenario that triggers it:

```kotlin
import com.charleskorn.kaml.Yaml
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable

@Serializable
private sealed class K {
    @Serializable
    @SerialName("x")
    data class X(
        val property: String? = null,
    ) : K()
}

const val s = """
!<x>
"""

fun main() {
    println("Started.")
    val result = Yaml.default.decodeFromString(K.serializer(), s)
    println("Finished, result is $result")
}
```

The hang doesn't happen when PolymorphismStyle.Property is used - it only affects tagged polymorphism.

@charleskorn
Owner

Thanks again for reporting this issue @ukarlsson. I've fixed it and 0.35.3 includes the fix.

Note that this may be a vulnerability depending on how your application uses kaml - please see the security advisory for more information.
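
An added regression check built on the simplified reproduction above (not part of the original thread and not kaml's own test code): it decodes the tag-only input on a worker thread and fails if decoding has not terminated by a deadline, which is how to confirm that the kaml version on your classpath includes the fix. `decodeWithDeadline`, `Outcome`, `TAG_ONLY` and the 5-second limit are hypothetical names and values; the thread does not say what the fixed version returns for this input, so a decoded value and an exception both count as terminating.

```kotlin
import com.charleskorn.kaml.Yaml
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
import java.util.concurrent.Callable
import java.util.concurrent.ExecutionException
import java.util.concurrent.Executors
import java.util.concurrent.TimeUnit
import java.util.concurrent.TimeoutException

@Serializable
private sealed class K {
    @Serializable
    @SerialName("x")
    data class X(val property: String? = null) : K()
}

// Input from the simplified reproduction in the thread: a tag with nothing after it.
private const val TAG_ONLY = "\n!<x>\n"

sealed class Outcome {
    data class Decoded(val value: Any?) : Outcome()
    data class Rejected(val cause: Throwable) : Outcome()
    object TimedOut : Outcome()
}

// Hypothetical helper: runs the decode on a worker thread and waits at most `seconds`.
fun decodeWithDeadline(input: String, seconds: Long): Outcome {
    // A decoder stuck in a CPU loop ignores interrupts and cannot be cancelled;
    // daemon status only keeps the stuck thread from blocking JVM exit.
    val executor = Executors.newSingleThreadExecutor { r -> Thread(r, "yaml-decode").apply { isDaemon = true } }
    val future = executor.submit(Callable { Yaml.default.decodeFromString(K.serializer(), input) })
    return try {
        Outcome.Decoded(future.get(seconds, TimeUnit.SECONDS))
    } catch (e: TimeoutException) {
        Outcome.TimedOut
    } catch (e: ExecutionException) {
        Outcome.Rejected(e.cause ?: e)
    } finally {
        executor.shutdownNow()
    }
}

fun main() {
    when (val outcome = decodeWithDeadline(TAG_ONLY, 5)) {
        is Outcome.TimedOut -> error("decode did not terminate within 5 s")
        is Outcome.Decoded -> println("terminated with value ${outcome.value}")
        is Outcome.Rejected -> println("terminated with ${outcome.cause::class.simpleName}")
    }
}
```

The deadline only detects the hang: on an affected version the worker thread keeps a core at 100% until the process exits, so a timeout wrapper is a test tool and not a substitute for upgrading.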

@ukarlsson
Author

Many thanks for fixing quickly!
