Uploaded image for project: 'Hibernate Validator'
  1. HV-1692

Custom group sequence might cause StackOverflowError on objects with cycles


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0.15.Final, 6.1.0.Alpha3
    • Component/s: engine
    • Labels:


      Test case - https://github.com/hibernate/hibernate-test-case-templates/pull/26

      It is possible to cause stack overflow with custom groups sequence for beans with circular reference.

      As seen in my test case (below) validation of object graph with a loop might blow the stack.

      Supposedly, there are two reasons:

      Node hash code does not consider path

      NodeImpl stopped using parent hash in its own hash code (jira: HV-1480 Closed , PR#845).

      This forced CachingTraversableResolverForSingleValidation to return false-positive for node in a loop.

      For my test case it causes traversables to return cached object regardless of actual path in object (pathToTraversableObject.toString() - bean.yourAnnotatedBean.bean.yourAnnotatedBean.bean.yourAnnotatedBean.bean.yourAnnotatedBean.bean.yourAnnotatedBean.bean.yourAnnotatedBean.bean)

      HV 5 it was less of an issue, since our custom traversable resolver was called, which gave us a chance to control the validation flow.

      Ordering of groups

      Custom groups enables ValidatorImpl.validateConstraintsForDefaultGroup() to override group sequence and if default group is not last in this list, it causes validationContext.markCurrentBeanAsProcessed( valueContext ) to mark wrong group in processedGroupUnits. When it cascades to next level with default group, which is getting replaced with custom constrain and marked as processed (and so on)...
      The bean is never returned as processed for default group.

      It is possible to workaround issue by re-arranging groups.

      @GroupSequence({ Magic.class,YourAnnotatedBean.class})
      public class YourAnnotatedBean { ... }




            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: