Fix #2181

Author: cowtowncoder

release-notes/CREDITS-2.x

@@ -813,3 +813,8 @@ Brandon Krieger (bkrieger@github)
 
 Semyon Levin (remal@github)
   * Contributed #2120: `NioPathDeserializer` improvement
+   (2.9.7)
+
+Pavel Nikitin (morj@github)
+  * Requested #2181: Don't re-use dynamic serializers for property-updating copy constructors
+   (2.9.8)

release-notes/VERSION-2.x

@@ -11,6 +11,8 @@ Project: jackson-databind
 #2155: Type parameters are checked for equality while isAssignableFrom expected
  (reported by frankfiedler@github)
 #2167: Large ISO-8601 Dates are formatted/serialized incorrectly
+#2181: Don't re-use dynamic serializers for property-updating copy constructors
+ (suggested by Pavel N)
 #2183: Base64 JsonMappingException: Unexpected end-of-input
  (reported by ViToni@github)
 #2186: Block more classes from polymorphic deserialization (CVE-2018-19360,

src/main/java/com/fasterxml/jackson/databind/ser/impl/MapEntrySerializer.java

@@ -143,7 +143,8 @@ protected MapEntrySerializer(MapEntrySerializer src, BeanProperty property,
         _valueTypeSerializer = src._valueTypeSerializer;
         _keySerializer = (JsonSerializer<Object>) keySer;
         _valueSerializer = (JsonSerializer<Object>) valueSer;
-        _dynamicValueSerializers = src._dynamicValueSerializers;
+        // [databind#2181]: may not be safe to reuse, start from empty
+        _dynamicValueSerializers = PropertySerializerMap.emptyForProperties();
         _property = src._property;
         _suppressableValue = suppressableValue;
         _suppressNulls = suppressNulls;

src/main/java/com/fasterxml/jackson/databind/ser/std/AsArraySerializerBase.java

@@ -118,7 +118,8 @@ protected AsArraySerializerBase(AsArraySerializerBase<?> src,
         _valueTypeSerializer = vts;
         _property = property;
         _elementSerializer = (JsonSerializer<Object>) elementSerializer;
-        _dynamicSerializers = src._dynamicSerializers;
+        // [databind#2181]: may not be safe to reuse, start from empty
+        _dynamicSerializers = PropertySerializerMap.emptyForProperties();
         _unwrapSingle = unwrapSingle;
     }
 

src/main/java/com/fasterxml/jackson/databind/ser/std/MapSerializer.java

@@ -196,7 +196,8 @@ protected MapSerializer(MapSerializer src, BeanProperty property,
         _valueTypeSerializer = src._valueTypeSerializer;
         _keySerializer = (JsonSerializer<Object>) keySerializer;
         _valueSerializer = (JsonSerializer<Object>) valueSerializer;
-        _dynamicValueSerializers = src._dynamicValueSerializers;
+        // [databind#2181]: may not be safe to reuse, start from empty
+        _dynamicValueSerializers = PropertySerializerMap.emptyForProperties();
         _property = property;
         _filterId = src._filterId;
         _sortKeys = src._sortKeys;
@@ -218,6 +219,8 @@ protected MapSerializer(MapSerializer src, TypeSerializer vts,
         _valueTypeSerializer = vts;
         _keySerializer = src._keySerializer;
         _valueSerializer = src._valueSerializer;
+        // 22-Nov-2018, tatu: probably safe (even with [databind#2181]) since it's just
+        //   inclusion, type serializer but NOT serializer
         _dynamicValueSerializers = src._dynamicValueSerializers;
         _property = src._property;
         _filterId = src._filterId;
@@ -236,7 +239,8 @@ protected MapSerializer(MapSerializer src, Object filterId, boolean sortKeys)
         _valueTypeSerializer = src._valueTypeSerializer;
         _keySerializer = src._keySerializer;
         _valueSerializer = src._valueSerializer;
-        _dynamicValueSerializers = src._dynamicValueSerializers;
+        // [databind#2181]: may not be safe to reuse, start from empty
+        _dynamicValueSerializers = PropertySerializerMap.emptyForProperties();
         _property = src._property;
         _filterId = filterId;
         _sortKeys = sortKeys;

src/main/java/com/fasterxml/jackson/databind/ser/std/ObjectArraySerializer.java

@@ -75,6 +75,8 @@ public ObjectArraySerializer(ObjectArraySerializer src, TypeSerializer vts)
         _elementType = src._elementType;
         _valueTypeSerializer = vts;
         _staticTyping = src._staticTyping;
+        // 22-Nov-2018, tatu: probably safe (even with [databind#2181]) since it's just
+        //   inclusion, type serializer but NOT serializer
         _dynamicSerializers = src._dynamicSerializers;
         _elementSerializer = src._elementSerializer;
     }
@@ -88,7 +90,8 @@ public ObjectArraySerializer(ObjectArraySerializer src,
         _elementType = src._elementType;
         _valueTypeSerializer = vts;
         _staticTyping = src._staticTyping;
-        _dynamicSerializers = src._dynamicSerializers;
+        // [databind#2181]: may not be safe to reuse, start from empty
+        _dynamicSerializers = PropertySerializerMap.emptyForProperties();
         _elementSerializer = (JsonSerializer<Object>) elementSerializer;
     }
 

src/main/java/com/fasterxml/jackson/databind/ser/std/ReferenceTypeSerializer.java

@@ -116,7 +116,8 @@ protected ReferenceTypeSerializer(ReferenceTypeSerializer<?> base, BeanProperty
     {
         super(base);
         _referredType = base._referredType;
-        _dynamicSerializers = base._dynamicSerializers;
+        // [databind#2181]: may not be safe to reuse, start from empty
+        _dynamicSerializers = PropertySerializerMap.emptyForProperties();
         _property = property;
         _valueTypeSerializer = vts;
         _valueSerializer = (JsonSerializer<Object>) valueSer;