[JBMAR-237] SerializingCloner fails to correctly clone object graph with cyclic references implemented by HashSets

[dmlloyd]

Frank Schönheit opened JBMAR-237 and commented

Consider the following class (stripped version, complete version is attached):

class Node {
  private final Long id;
  private final Set<Node> leftReferences = new HashSet<>();
  private final Set<Node> rightReferences = new HashSet<>();

  public boolean equals(final Object obj) {
    // consider equal if and only if ids equal
    // ...
  }
}

With this class, it is possible to construct an object graph consisting of 4 nodes, which will be incorrectly cloned by SerializingCloner.clone().

More concrete:

• Instances A, B, C, D.
• A and B each reference C and D as "right node"
• C and D each reference A and B as "left node"
• A' = clone(A);
• A'.rightReferences contains one node which has only 1 left reference, where for A, all right references know both left references.

Consequently, if you return such a node from an EJB call (where it is handled by a SerializingCloner), the return value is silently corrupted.

(The above class is a very reduced version of a real-world example.)

---

Affects: 2.0.12.Final

Attachments:

• object-graph-marshalling.zip (2.26 kB)