Closed phith0n closed 2 years ago
The char field is wrong for leaking parentheses.
Test sample class:
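```java
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;

public class Sample {
    public static void main(String[] args) throws Exception {
        // U+0100 needs both bytes of the 16-bit char value
        char s = 'Ā';
        FileOutputStream fos = new FileOutputStream("bug.poc");
        ObjectOutputStream oos = new ObjectOutputStream(fos);
        // The char is autoboxed and written as a java.lang.Character object
        oos.writeObject(s);
        oos.close();
        fos.close();
    }
}
```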
expected result:
```
STREAM_MAGIC - 0xac ed
STREAM_VERSION - 0x00 05
Contents
  TC_OBJECT - 0x73
    TC_CLASSDESC - 0x72
      className
        Length - 19 - 0x00 13
        Value - java.lang.Character - 0x6a6176612e6c616e672e436861726163746572
      serialVersionUID - 0x34 8b 47 d9 6b 1a 26 78
      newHandle 0x00 7e 00 00
      classDescFlags - 0x02 - SC_SERIALIZABLE
      fieldCount - 1 - 0x00 01
      Fields
        0:
          Char - C - 0x43
          fieldName
            Length - 5 - 0x00 05
            Value - value - 0x76616c7565
      classAnnotations
        TC_ENDBLOCKDATA - 0x78
      superClassDesc
        TC_NULL - 0x70
    newHandle 0x00 7e 00 01
    classdata
      java.lang.Character
        values
          value
            (char)Ā - 0x01 00
```
actual result:
```
STREAM_MAGIC - 0xac ed
STREAM_VERSION - 0x00 05
Contents
  TC_OBJECT - 0x73
    TC_CLASSDESC - 0x72
      className
        Length - 19 - 0x00 13
        Value - java.lang.Character - 0x6a6176612e6c616e672e436861726163746572
      serialVersionUID - 0x34 8b 47 d9 6b 1a 26 78
      newHandle 0x00 7e 00 00
      classDescFlags - 0x02 - SC_SERIALIZABLE
      fieldCount - 1 - 0x00 01
      Fields
        0:
          Char - C - 0x43
          fieldName
            Length - 5 - 0x00 05
            Value - value - 0x76616c7565
      classAnnotations
        TC_ENDBLOCKDATA - 0x78
      superClassDesc
        TC_NULL - 0x70
    newHandle 0x00 7e 00 01
    classdata
      java.lang.Character
        values
          value
            (char) - 0x01 00
```
Merged. Thanks.
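An added example, not code from this pull request or from the project: it serializes the same `Character` as the Sample class, walks the stream in the order the dump shows, and decodes the two value bytes. The class and method names are hypothetical, and `decodeMissingParens` is an assumed illustration of how a missing pair of parentheses can turn `0x01 00` into U+0000; the project's own expression is not shown on this page.

```java
import java.io.*;

public class CharFieldDecode {
    // Correct: mask each byte, then combine as a big-endian 16-bit value.
    static char decode(int b1, int b2) {
        return (char) (((b1 & 0xff) << 8) | (b2 & 0xff));
    }

    // Assumed faulty form (not the project's code): '+' binds tighter than '&',
    // so without parentheses around (b2 & 0xff) the whole sum is cut to 8 bits.
    static char decodeMissingParens(int b1, int b2) {
        return (char) (((b1 << 8) & 0xff00) + b2 & 0xff);
    }

    public static void main(String[] args) throws IOException {
        // Same object as the Sample class above, serialized in memory.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject('\u0100'); // U+0100, autoboxed to java.lang.Character
        }
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(bos.toByteArray()));

        // Walk the stream in the order shown in the dump on this page.
        if (in.readUnsignedShort() != 0xaced) throw new IOException("bad STREAM_MAGIC");
        if (in.readUnsignedShort() != 5) throw new IOException("bad STREAM_VERSION");
        if (in.readUnsignedByte() != 0x73) throw new IOException("expected TC_OBJECT");
        if (in.readUnsignedByte() != 0x72) throw new IOException("expected TC_CLASSDESC");
        String className = in.readUTF();        // length-prefixed className
        in.readLong();                          // serialVersionUID
        in.readUnsignedByte();                  // classDescFlags
        int fieldCount = in.readUnsignedShort();
        if (fieldCount != 1) throw new IOException("expected one field");
        int typeCode = in.readUnsignedByte();   // 0x43 = 'C'
        String fieldName = in.readUTF();
        if (typeCode != 'C') throw new IOException("expected a char field");
        if (in.readUnsignedByte() != 0x78) throw new IOException("expected TC_ENDBLOCKDATA");
        if (in.readUnsignedByte() != 0x70) throw new IOException("expected TC_NULL");

        // classdata: the char value is two bytes, high byte first.
        int b1 = in.readUnsignedByte(), b2 = in.readUnsignedByte();
        System.out.printf("%s.%s bytes 0x%02x %02x%n", className, fieldName, b1, b2);
        System.out.printf("correct decode: U+%04X%n", (int) decode(b1, b2));
        System.out.printf("missing parens: U+%04X%n", (int) decodeMissingParens(b1, b2));
    }
}
```

A test value above U+00FF, such as the one in the Sample class, is what exposes this kind of bug, because any character whose high byte is zero decodes identically in both forms.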