Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mutating results of JsonSerializerContext.GetTypeInfo can result in corruption of static metadata properties #76682

Closed
layomia opened this issue Oct 5, 2022 · 2 comments
Closed

Mutating results of JsonSerializerContext.GetTypeInfo can result in corruption of static metadata properties #76682

layomia opened this issue Oct 5, 2022 · 2 comments
Labels
area-System.Text.Json
Milestone
7.0.0

Comments

@layomia
Copy link
Contributor

layomia commented Oct 5, 2022 

    A more insidious instantiation of the bug above is that mutating results of `JsonSerializerContext.GetTypeInfo` can result in corruption of static metadata properties, as illustrated by the example below:

JsonTypeInfo foo = MySerializerContext.Default.GetTypeInfo(typeof(MyClass));
foo.Properties.Clear();

Console.WriteLine(MySerializerContext.Default.MyClass.Properties.Count); // 0, properties dropped from a seemingly unrelated instance

[JsonSerializable(typeof(MyClass))]
public partial class MySerializerContext : JsonSerializerContext
{
}
public class MyClass
{
    public int A0 { get; set; }
}

Bare minimum, we should make sure that modifications don't allow cross-contamination in .NET 7.

Originally posted by @eiriktsarpalis in #76535 (comment)
@layomia layomia self-assigned this Oct 5, 2022
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Oct 5, 2022
@layomia layomia added this to the 7.0.0 milestone Oct 5, 2022
@ghost
Copy link

ghost commented Oct 5, 2022

Tagging subscribers to this area: @dotnet/area-system-text-json, @gregsdennis
See info in area-owners.md if you want to be subscribed.

Issue Details 
    A more insidious instantiation of the bug above is that mutating results of `JsonSerializerContext.GetTypeInfo` can result in corruption of static metadata properties, as illustrated by the example below:

JsonTypeInfo foo = MySerializerContext.Default.GetTypeInfo(typeof(MyClass));
foo.Properties.Clear();

Console.WriteLine(MySerializerContext.Default.MyClass.Properties.Count); // 0, properties dropped from a seemingly unrelated instance

[JsonSerializable(typeof(MyClass))]
public partial class MySerializerContext : JsonSerializerContext
{
}
public class MyClass
{
    public int A0 { get; set; }
}

Bare minimum, we should make sure that modifications don't allow cross-contamination in .NET 7.

Originally posted by @eiriktsarpalis in #76535 (comment)

Author: layomia
Assignees: layomia
Labels:

area-System.Text.Json, untriaged
Milestone: -

@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Oct 5, 2022
@layomia layomia removed their assignment Oct 5, 2022
@layomia
Copy link
Contributor Author

layomia commented Oct 5, 2022

Same fix as #76535.

@layomia layomia closed this as completed Oct 5, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Nov 5, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Text.Json
Projects
None yet
Milestone
7.0.0
Development

No branches or pull requests
1 participant
@layomia