fast-serialization

Deserialization after adding new field in Serializable class doesn't throw any exception.

Open bkatwal opened this issue 8 years ago • 3 comments

I am using FST to serialize and deserialize Java objects in/out of Redis. FST version used: 1.63 (issue reproducible even in 2.47). Below is the code used:

```java
static FSTConfiguration conf = FSTConfiguration.createDefaultConfiguration();

// Serialize
byte[] bytes = conf.asByteArray((Serializable) object);

// Deserialize
conf.asObject(uncompressedBytes);
```

Deserialization after adding a new field in a Serializable class doesn't throw any exception; instead it deserializes the byte[] with incorrect data.

I serialized the object below with the values mentioned in the comments:

```java
public class TestPojo implements Serializable {

    private static final long serialVersionUID = 6414799007524074403L;
    int id;         // 11
    String name;    // Bikas
    String address; // null

    // getters and setters
}
```

To test our production case, before deserializing the object I removed the "address" field. To my surprise it doesn't throw any exception; instead it deserializes the TestPojo object successfully with incorrect values: id=11 and name=null

bkatwal, May 14 '17 14:05

FST does not make any attempt at versioning (see readme front page); you need to come up with a manual solution at this point in time :)

RuedigerMoeller, May 31 '17 00:05

Any examples of how to handle it?

mrshawn191, Dec 07 '17 10:12

Create a new subclass which then contains the new field for backward compatibility. The binary stream cannot recover from such changes.

RuedigerMoeller, Dec 07 '17 11:12
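
One form the "manual solution" mentioned in this thread can take, as an added example that is not part of the original issue or of FST's own code: prefix every stored value with a fingerprint of the class layout and refuse to deserialize when the current class no longer matches. `GuardedFst`, `layoutTag`, `write` and `read` are hypothetical names; the import assumes the FST 2.x package (`org.nustaq.serialization`) and that values are read back with the exact class they were written with.

```java
import org.nustaq.serialization.FSTConfiguration; // FST 2.x package name (assumption)
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.TreeSet;

/** Hypothetical helper: prefixes FST bytes with a fingerprint of the class layout. */
public final class GuardedFst {
    private static final FSTConfiguration CONF = FSTConfiguration.createDefaultConfiguration();
    private static final int TAG_LEN = 8;

    /** SHA-256 over the class name plus the sorted "owner#name:type" of every serialized field. */
    static byte[] layoutTag(Class<?> type) {
        TreeSet<String> fields = new TreeSet<>(); // sorted, so reflection order does not matter
        for (Class<?> c = type; c != null && c != Object.class; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                int m = f.getModifiers();
                if (!Modifier.isStatic(m) && !Modifier.isTransient(m)) {
                    fields.add(c.getName() + "#" + f.getName() + ":" + f.getType().getName());
                }
            }
        }
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update((type.getName() + fields).getBytes(StandardCharsets.UTF_8));
            return Arrays.copyOf(md.digest(), TAG_LEN);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    public static byte[] write(Object value) {
        byte[] tag = layoutTag(value.getClass());
        byte[] body = CONF.asByteArray(value);
        byte[] out = Arrays.copyOf(tag, TAG_LEN + body.length); // tag, then room for the body
        System.arraycopy(body, 0, out, TAG_LEN, body.length);
        return out;
    }
    // Fails loudly instead of returning an object with shifted field values.
    public static <T> T read(byte[] stored, Class<T> expected) {
        if (stored.length < TAG_LEN
                || !Arrays.equals(Arrays.copyOf(stored, TAG_LEN), layoutTag(expected))) {
            throw new IllegalStateException("layout of " + expected.getName() + " changed since write");
        }
        return expected.cast(CONF.asObject(Arrays.copyOfRange(stored, TAG_LEN, stored.length)));
    }
}
```

With this in place, removing `address` from `TestPojo` changes the tag, so `GuardedFst.read(bytes, TestPojo.class)` throws on the old Redis value rather than yielding `name=null`. The tag covers only the top-level class and its superclasses, and it is a compatibility check, not a MAC: it does not authenticate the stored bytes.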