From d624fc663255971365953d6667a6f4b2242143be Mon Sep 17 00:00:00 2001
From: "Kim, Joo Hyuk" <beanskobe@gmail.com>
Date: Wed, 17 Jan 2024 07:59:42 +0900
Subject: [PATCH] Fix `NPE` when deserializing `@JsonAnySetter` field in
 `Throwable` (#4325)

---
 release-notes/VERSION-2.x                     |  3 ++
 .../deser/std/ThrowableDeserializer.java      | 51 +++++++++++++------
 .../exc/ExceptionWithAnySetter4316Test.java   | 31 +++++++++++
 3 files changed, 69 insertions(+), 16 deletions(-)
 create mode 100644 src/test/java/com/fasterxml/jackson/databind/exc/ExceptionWithAnySetter4316Test.java

diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index adc027f31c..7ecf6f47c2 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -14,6 +14,9 @@ Project: jackson-databind
 #4303: `ObjectReader` is not serializable if it's configured for polymorphism
  (reported by @asardaes)
  (fix contributed by Joo-Hyuk K)
+#4316: NPE when deserializing `JsonAnySetter` in `Throwable`
+ (reported by @jpraet)
+ (fix contributed by Joo-Hyuk K)
 
 2.16.1 (24-Dec-2023)
 
diff --git a/src/main/java/com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer.java b/src/main/java/com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer.java
index eafb470f35..93d463ec2c 100644
--- a/src/main/java/com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer.java
+++ b/src/main/java/com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer.java
@@ -129,11 +129,8 @@ public Object deserializeFromObject(JsonParser p, DeserializationContext ctxt) t
             //    should ideally mangle property names. But for now let's cheat; works
             //    for case-changing although not for kebab/snake cases and "localizedMessage"
             if (PROP_NAME_MESSAGE.equalsIgnoreCase(propName)) {
-                if (hasStringCreator) {
-                    throwable = (Throwable) _valueInstantiator.createFromString(ctxt, p.getValueAsString());
-                    continue;
-                }
-                // fall through
+                throwable = _instantiate(ctxt, hasStringCreator, p.getValueAsString());
+                continue;
             }
 
             // Things marked as ignorable should not be passed to any setter
@@ -161,22 +158,13 @@ public Object deserializeFromObject(JsonParser p, DeserializationContext ctxt) t
                 p.skipChildren();
                 continue;
             }
+
             // Unknown: let's call handler method
             handleUnknownProperty(p, ctxt, throwable, propName);
         }
         // Sanity check: did we find "message"?
         if (throwable == null) {
-            /* 15-Oct-2010, tatu: Can't assume missing message is an error, since it may be
-             *   suppressed during serialization.
-             *
-             *   Should probably allow use of default constructor, too...
-             */
-            //throw new XxxException("No 'message' property found: could not deserialize "+_beanType);
-            if (hasStringCreator) {
-                throwable = (Throwable) _valueInstantiator.createFromString(ctxt, null);
-            } else {
-                throwable = (Throwable) _valueInstantiator.createUsingDefault(ctxt);
-            }
+            throwable = _instantiate(ctxt, hasStringCreator, null);
         }
 
         // any pending values?
@@ -196,4 +184,35 @@ public Object deserializeFromObject(JsonParser p, DeserializationContext ctxt) t
 
         return throwable;
     }
+
+    /*
+    /**********************************************************
+    /* Internal helper methods
+    /**********************************************************
+     */
+
+    /**
+     * Helper method to initialize Throwable
+     *
+     * @since 2.17
+     */
+    private Throwable _instantiate(DeserializationContext ctxt, boolean hasStringCreator, String valueAsString)
+        throws IOException
+    {
+        /* 15-Oct-2010, tatu: Can't assume missing message is an error, since it may be
+         *   suppressed during serialization.
+         *
+         *   Should probably allow use of default constructor, too...
+         */
+        //throw new XxxException("No 'message' property found: could not deserialize "+_beanType);
+        if (hasStringCreator) {
+            if (valueAsString != null) {
+                return (Throwable) _valueInstantiator.createFromString(ctxt, valueAsString);
+            } else {
+                return (Throwable) _valueInstantiator.createFromString(ctxt, null);
+            }
+        } else {
+            return (Throwable) _valueInstantiator.createUsingDefault(ctxt);
+        }
+    }
 }
diff --git a/src/test/java/com/fasterxml/jackson/databind/exc/ExceptionWithAnySetter4316Test.java b/src/test/java/com/fasterxml/jackson/databind/exc/ExceptionWithAnySetter4316Test.java
new file mode 100644
index 0000000000..7dff3a4009
--- /dev/null
+++ b/src/test/java/com/fasterxml/jackson/databind/exc/ExceptionWithAnySetter4316Test.java
@@ -0,0 +1,31 @@
+package com.fasterxml.jackson.databind.exc;
+
+import java.util.*;
+
+import com.fasterxml.jackson.annotation.JsonAnyGetter;
+import com.fasterxml.jackson.annotation.JsonAnySetter;
+import com.fasterxml.jackson.databind.*;
+
+public class ExceptionWithAnySetter4316Test extends BaseMapTest
+{
+    static class Problem extends Exception {
+        private static final long serialVersionUID = 1L;
+
+        @JsonAnySetter
+        @JsonAnyGetter
+        Map<String, Object> additionalProperties = new HashMap<>();
+    }
+
+    private final ObjectMapper MAPPER = newJsonMapper();
+
+    // [databind#4316]
+    public void testWithAnySetter() throws Exception
+    {
+        Problem problem = new Problem();
+        problem.additionalProperties.put("key", "value");
+        String json = MAPPER.writeValueAsString(problem);
+        Problem result = MAPPER.readValue(json, Problem.class);
+        assertEquals(Collections.singletonMap("key", "value"),
+                result.additionalProperties);
+    }
+}