Avoid potential exceptions on serialize in the face of malformed lazy extensions.

The behavior before this change was that when a corrupted lazy extension was seen, the first time parse is reached it actually discarded and 0-length byte is stored.

This can led to exceptions in a case of
- Parse some parent message with a messageset with an extension that has malformed bytes
- Call getSerializedLength() on parent, which will see the lazy fields byte length and cache it
- Call .get() on the bad extension, which sees the corruption, this resets only the inner cached size to -1 not any parents
- Serialize the message, serialized length doesn't match the cached serialized length which will throw that the wrong number of bytes were written.

After this change, we instead round-trip the original bytes in the face of corrupted data. This is consistent with cases like wrong-tag cases where we stuff the data into unknown fields instead and don't discard it.

PiperOrigin-RevId: 844814654

Author: protobuf-github-bot

java/core/src/main/java/com/google/protobuf/GeneratedMessage.java

@@ -1087,13 +1087,6 @@ public final <T> T getExtension(final ExtensionLite<? extends MessageT, T> exten
       } else {
         result = (T) extension.fromReflectionType(value);
       }
-
-      // If the lazy field is corrupted, we need to invalidate the memoized size in case the
-      // corrupted message data was replaced with an empty ByteString and yet a previous serialized
-      // size was memoized.
-      if (extensions.lazyFieldCorrupted(descriptor)) {
-        setMemoizedSerializedSize(-1);
-      }
       return result;
     }
 

java/core/src/main/java/com/google/protobuf/LazyFieldLite.java

@@ -336,10 +336,10 @@ public void setByteString(ByteString bytes, ExtensionRegistryLite extensionRegis
   public int getSerializedSize() {
     // We *must* return delayed bytes size if it was ever set because the dependent messages may
     // have memoized serialized size based off of it.
-    if (memoizedBytes != null) {
-      return memoizedBytes.size();
-    } else if (delayedBytes != null) {
+    if (delayedBytes != null) {
       return delayedBytes.size();
+    } else if (memoizedBytes != null) {
+      return memoizedBytes.size();
     } else if (value != null) {
       return value.getSerializedSize();
     } else {
@@ -349,14 +349,14 @@ public int getSerializedSize() {
 
   /** Returns a BytesString for this field in a thread-safe way. */
   public ByteString toByteString() {
-    if (memoizedBytes != null) {
-      return memoizedBytes;
-    }
     // We *must* return delayed bytes if it was set because the dependent messages may have
     // memoized serialized size based off of it.
     if (delayedBytes != null) {
       return delayedBytes;
     }
+    if (memoizedBytes != null) {
+      return memoizedBytes;
+    }
     synchronized (this) {
       if (memoizedBytes != null) {
         return memoizedBytes;

java/core/src/test/java/com/google/protobuf/LazilyParsedMessageSetTest.java

@@ -14,6 +14,7 @@
 import proto2_unittest.UnittestMset.TestMessageSetExtension2;
 import proto2_unittest.UnittestMset.TestMessageSetExtension3;
 import proto2_wireformat_unittest.UnittestMsetWireFormat.TestMessageSet;
+import proto2_wireformat_unittest.UnittestMsetWireFormat.TestMessageSetWireFormatContainer;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -147,17 +148,10 @@ public void testLoadCorruptedLazyField_getsReplacedWithEmptyMessage() throws Exc
     // Serialize. The first extension should be serialized as an empty message.
     ByteString outputData = messageSet.toByteString();
 
-    // Re-parse as RawMessageSet
+    // Round trip and confirm the corrupted payload is preserved.
     RawMessageSet actualRaw =
         RawMessageSet.parseFrom(outputData, ExtensionRegistry.getEmptyRegistry());
-
-    RawMessageSet expectedRaw =
-        RawMessageSet.newBuilder()
-            .addItem(
-                RawMessageSet.Item.newBuilder().setTypeId(TYPE_ID_1).setMessage(ByteString.empty()))
-            .build();
-
-    assertThat(actualRaw).isEqualTo(expectedRaw);
+    assertThat(actualRaw).isEqualTo(inputRaw);
   }
 
   @Test
@@ -174,27 +168,21 @@ public void testLoadCorruptedLazyField_getSerializedSize() throws Exception {
     ByteString inputData = inputRaw.toByteString();
     TestMessageSet messageSet = TestMessageSet.parseFrom(inputData, extensionRegistry);
 
+    TestMessageSetWireFormatContainer container =
+        TestMessageSetWireFormatContainer.newBuilder().setMessageSet(messageSet).build();
+
     // Effectively cache the serialized size of the message set.
-    assertThat(messageSet.getSerializedSize()).isEqualTo(9);
+    assertThat(container.getSerializedSize()).isEqualTo(11);
 
-    // getExtension should mark the memoized size as "dirty" (i.e. -1).
-    assertThat(messageSet.getExtension(TestMessageSetExtension1.messageSetExtension))
+    // getExtension will notice that the extension is corrupted and replace it with the default
+    // empty message.
+    assertThat(container.getMessageSet().getExtension(TestMessageSetExtension1.messageSetExtension))
         .isEqualTo(TestMessageSetExtension1.getDefaultInstance());
 
-    // toByteString calls getSerializedSize() which should re-compute the serialized size as the
-    // message contains lazy fields.
-    ByteString outputData = messageSet.toByteString();
-
-    // Re-parse as RawMessageSet
-    RawMessageSet actualRaw =
-        RawMessageSet.parseFrom(outputData, ExtensionRegistry.getEmptyRegistry());
-
-    RawMessageSet expectedRaw =
-        RawMessageSet.newBuilder()
-            .addItem(
-                RawMessageSet.Item.newBuilder().setTypeId(TYPE_ID_1).setMessage(ByteString.empty()))
-            .build();
-
-    assertThat(actualRaw).isEqualTo(expectedRaw);
+    // Make sure that toByteString() works even though the total size has been cached, and round
+    // tripping should keep equals().
+    ByteString bytes = container.toByteString();
+    assertThat(container)
+        .isEqualTo(TestMessageSetWireFormatContainer.parseFrom(bytes, extensionRegistry));
   }
 }

java/core/src/test/java/com/google/protobuf/LazyFieldLiteTest.java

@@ -118,13 +118,14 @@ public void testEmptyLazyField() throws Exception {
   @Test
   public void testInvalidProto() throws Exception {
     // Silently fails and uses the default instance.
-    LazyFieldLite field =
-        new LazyFieldLite(TestUtil.getExtensionRegistry(), ByteString.copyFromUtf8("invalid"));
+    ByteString invalid = ByteString.copyFromUtf8("invalid");
+    LazyFieldLite field = new LazyFieldLite(TestUtil.getExtensionRegistry(), invalid);
+    assertThat(field.getSerializedSize()).isEqualTo(7);
     assertThat(
         field.getValue(TestAllTypes.getDefaultInstance()))
             .isEqualTo(TestAllTypes.getDefaultInstance());
-    assertThat(field.getSerializedSize()).isEqualTo(0);
-    assertThat(field.toByteString()).isEqualTo(ByteString.EMPTY);
+    assertThat(field.getSerializedSize()).isEqualTo(7);
+    assertThat(field.toByteString()).isEqualTo(invalid);
   }
 
   @Test