Fix #2088

FasterXML · Aug 29, 2018 · 644831c · 644831c
1 parent 63d48ff
commit 644831c
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 1 deletion.
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -12,6 +12,9 @@ Project: jackson-databind
 #2079: NPE when visiting StaticListSerializerBase
  (reported by WorldSEnder@github)
 #2082: `FactoryBasedEnumDeserializer` should be cachable
+#2088: `@JsonUnwrapped` fields are skipped when using `PropertyBasedCreator` if
+  they appear after the last creator property
+ (reported, fix contributed by 6bangs@github)
 #2096: `TreeTraversingParser` does not take base64 variant into account
  (reported by tangiel@github)
 #2097: Block more classes from polymorphic deserialization (CVE-2018-14718

diff --git a/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializer.java b/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializer.java
@@ -767,10 +767,17 @@ protected Object deserializeUsingPropertyBasedWithUnwrapped(JsonParser p, Deseri
                     p.setCurrentValue(bean);
                     // if so, need to copy all remaining tokens into buffer
                     while (t == JsonToken.FIELD_NAME) {
-                        p.nextToken(); // to skip name
+                        // NOTE: do NOT skip name as it needs to be copied; `copyCurrentStructure` does that
                         tokens.copyCurrentStructure(p);
                         t = p.nextToken();
                     }
+                    // 28-Aug-2018, tatu: Let's add sanity check here, easier to catch off-by-some
+                    //    problems if we maintain invariants
+                    if (t != JsonToken.END_OBJECT) {
+                        ctxt.reportWrongTokenException(this, JsonToken.END_OBJECT, 
+                                "Attempted to unwrap '%s' value",
+                                handledType().getName());
+                    }
                     tokens.writeEndObject();
                     if (bean.getClass() != _beanType.getRawClass()) {
                         // !!! 08-Jul-2011, tatu: Could probably support; but for now

diff --git a/src/test/java/com/fasterxml/jackson/databind/struct/TestUnwrapped.java b/src/test/java/com/fasterxml/jackson/databind/struct/TestUnwrapped.java
@@ -111,6 +111,34 @@ static class Address {
         public String country;
     }
 
+    // [databind#2088]
+    static class Issue2088Bean {
+        int x;
+        int y;
+
+        @JsonUnwrapped
+        Issue2088UnwrappedBean w;
+
+        public Issue2088Bean(@JsonProperty("x") int x, @JsonProperty("y") int y) {
+            this.x = x;
+            this.y = y;
+        }
+
+        public void setW(Issue2088UnwrappedBean w) {
+            this.w = w;
+        }
+    }
+
+    static class Issue2088UnwrappedBean {
+        int a;
+        int b;
+
+        public Issue2088UnwrappedBean(@JsonProperty("a") int a, @JsonProperty("b") int b) {
+            this.a = a;
+            this.b = b;
+        }
+    }
+
     /*
     /**********************************************************
     /* Tests, serialization
@@ -215,4 +243,14 @@ public void testCaseInsensitiveUnwrap() throws Exception
         Person p = mapper.readValue("{ }", Person.class);
         assertNotNull(p);
     }
+
+    // [databind#2088]: accidental skipping of values
+    public void testIssue2088UnwrappedFieldsAfterLastCreatorProp() throws Exception
+    {
+        Issue2088Bean bean = MAPPER.readValue("{\"x\":1,\"a\":2,\"y\":3,\"b\":4}", Issue2088Bean.class);
+        assertEquals(1, bean.x);
+        assertEquals(2, bean.w.a);
+        assertEquals(3, bean.y);
+        assertEquals(4, bean.w.b);
+    }
 }