Handle ObjectConstructor returning NULL

The DeserializationGraphNavigator calls the construct method on an
instance of ObjectConstructorInterface. According to the return type
hint of that method, it is allowed to return NULL. However, when this
occurs, the navigator will pass NULL to the startVisitingObject method
of the visitor. startVisitingObject expects an object to be passed in,
thus causing the serializer to crash with a type error.

We can prevent this error by calling the `visitNull` method if we detect
that the ObjectConstructor has returned NULL instead of an object.

Author: jankramer

src/GraphNavigator/DeserializationGraphNavigator.php

@@ -184,6 +184,13 @@ public function accept($data, ?array $type = null)
 
                 $object = $this->objectConstructor->construct($this->visitor, $metadata, $data, $type, $this->context);
 
+                if (null === $object) {
+                    $this->context->popClassMetadata();
+                    $this->context->decreaseDepth();
+
+                    return $this->visitor->visitNull($data, $type);
+                }
+
                 $this->visitor->startVisitingObject($metadata, $object, $type);
                 foreach ($metadata->propertyMetadata as $propertyMetadata) {
                     if (null !== $this->exclusionStrategy && $this->exclusionStrategy->shouldSkipProperty($propertyMetadata, $this->context)) {

tests/Serializer/GraphNavigatorTest.php

@@ -6,6 +6,7 @@
 
 use Doctrine\Common\Annotations\AnnotationReader;
 use JMS\Serializer\Accessor\DefaultAccessorStrategy;
+use JMS\Serializer\Construction\ObjectConstructorInterface;
 use JMS\Serializer\Construction\UnserializeObjectConstructor;
 use JMS\Serializer\DeserializationContext;
 use JMS\Serializer\EventDispatcher\EventDispatcher;
@@ -156,6 +157,19 @@ public function testExposeAcceptHandlerExceptionOnSerialization()
         $navigator->accept($object, ['name' => $typeName, 'params' => []]);
     }
 
+    /**
+     * @doesNotPerformAssertions
+     */
+    public function testNavigatorDoesNotCrashWhenObjectConstructorReturnsNull()
+    {
+        $objectConstructor = $this->getMockBuilder(ObjectConstructorInterface::class)->getMock();
+        $objectConstructor->method('construct')->willReturn(null);
+        $navigator = new DeserializationGraphNavigator($this->metadataFactory, $this->handlerRegistry, $objectConstructor, $this->accessor, $this->dispatcher);
+        $navigator->initialize($this->deserializationVisitor, $this->deserializationContext);
+
+        $navigator->accept(['id' => 1234], ['name' => SerializableClass::class]);
+    }
+
     protected function setUp(): void
     {
         $this->deserializationVisitor = $this->getMockBuilder(DeserializationVisitorInterface::class)->getMock();