Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Strange behaviour of .NET binary serialization on Dictionary<Key, Value>

I encountered a, at least to my expectations, strange behavior in the binary serialization of .NET.

All items of a Dictionary that are loaded are added to their parent AFTER the OnDeserialization callback. In contrast List does the other way. This can be really annoying in real world repository code, for example when you need to add some delegates to dictionary items. Please check the example code and watch the asserts.

Is it normal behaviour?

[Serializable]
public class Data : IDeserializationCallback
{
    public List<string> List { get; set; }

    public Dictionary<string, string> Dictionary { get; set; }

    public Data()
    {
        Dictionary = new Dictionary<string, string> { { "hello", "hello" }, { "CU", "CU" } };
        List = new List<string> { "hello", "CU" };
    }

    public static Data Load(string filename)
    {
        using (Stream stream = File.OpenRead(filename))
        {
            Data result = (Data)new BinaryFormatter().Deserialize(stream);
            TestsLengthsOfDataStructures(result);

            return result;
        }
    }

    public void Save(string fileName)
    {
        using (Stream stream = File.Create(fileName))
        {
            new BinaryFormatter().Serialize(stream, this);
        }
    }

    public void OnDeserialization(object sender)
    {
        TestsLengthsOfDataStructures(this);
    }

    private static void TestsLengthsOfDataStructures(Data data)
    {
        Debug.Assert(data.List.Count == 2, "List");
        Debug.Assert(data.Dictionary.Count == 2, "Dictionary");
    }
}
like image 248
Matze Avatar asked Jan 19 '09 10:01

Matze


People also ask

Why is BinaryFormatter unsafe?

BinaryFormatter uses violates 2.), which is a huge security risk because it makes possible to run any code.

Is binary formatter safe?

The BinaryFormatter type is dangerous and is not recommended for data processing. Applications should stop using BinaryFormatter as soon as possible, even if they believe the data they're processing to be trustworthy. BinaryFormatter is insecure and can't be made secure.

What is BinaryFormatter in c#?

The class BinaryFormatter in C# performs the actions of “serialization” and “deserialization” of binary data. It takes simple data structures such as integers (int), decimal numbers (float), and collections of letters and numbers (string) and can convert them into a binary format.


1 Answers

Yes, you've discovered an annoying quirk in Dictionary<TKey, TValue> deserialization. You can get around it by manually calling the dictionary's OnDeserialization() method:

public void OnDeserialization(object sender)
{
    Dictionary.OnDeserialization(this);
    TestsLengthsOfDataStructures(this);
}

Incidentally, you can also use the [OnDeserialized] attribute rather than IDeserializationCallback:

[OnDeserialized]
public void OnDeserialization(StreamingContext context)
{
    Dictionary.OnDeserialization(this);
    TestsLengthsOfDataStructures(this);
}
like image 62
Kent Boogaart Avatar answered Oct 14 '22 13:10

Kent Boogaart