Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Absent#equals bugs after serializing / deserializing

See original GitHub issue

After serializing / deserializing Absent instances won’t be the same (e.g. in an Apache Spark context with Kryo serialization).

Therefore the implementation below contains a bug. Why not just check if the two instances have the same class definition?

@Override public boolean equals(@Nullable Object object) {
  return object == this;
}

Issue Analytics

State:
Created 6 years ago
Comments:12 (9 by maintainers)

Top GitHub Comments

1reaction

kevinb9ncommented, Apr 5, 2017

Although Chris is right that making the specific change requested here wouldn’t hurt, I’m terrified to hear that people are serializing Guava types in ways like this. They’re going to have a lot of problems. I’m worried about creating any impression that Guava tries to work correctly in this kind of environment.

On Wed, Apr 5, 2017 at 11:34 AM, Michał Sobkiewicz <notifications@github.com

wrote:

Absent extends Optional, so it can’t extend Enum.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/google/guava/issues/2779#issuecomment-291954620, or mute the thread https://github.com/notifications/unsubscribe-auth/AA5Cl86Rsh3BZOIONw6-KE-GZgTb3LATks5rs96igaJpZM4M0Mw_ .

– Kevin Bourrillion | Java Librarian | Google, Inc. | kevinb@google.com

0reactions

cbismuthcommented, Apr 7, 2017

@lowasser I understand and totally agree, thank you.

Top Results From Across the Web

Serialization Security Bugs Explained - Daniel Miessler

In order to go from that serialized format to usable data, some software package needs to unpack that content, figure it out, and...

Deserialization Bugs in the Wild - Medium

Insecure deserialization is a type of vulnerability that arises when an attacker is able to manipulate the serialized object and cause ...

serialization - Is this a bug in JSON.NET or Entity Framework ...

NET type that implements ISerializable to force it to be serialized as a normal JSON object. Since you don't owe the DbUpdateConcurrencyException class,...

Systematically Hunting for Deserialization Exploits - Mandiant

Deserialization vulnerabilities are a class of bugs that have plagued multiple languages and applications over the years.

Deserialization risks in use of BinaryFormatter and related types

NET Framework all versions .NET Core 2.1 - 3.1 .NET 5 and later. Warning. The BinaryFormatter type is dangerous and is not recommended...