Gil Tene created CASSANDRA-14284:
------------------------------------
Summary: Chunk checksum test needs to occur before uncompress to
avoid JVM crash
Key: CASSANDRA-14284
URL: https://issues.apache.org/jira/browse/CASSANDRA-14284
Project: Cassandra
Issue Type: Bug
Components: Core
Environment: The check-only-after-doing-the-decompress logic appears
to be in all current releases.
Here are some samples at different evolution points:
3.11.2:
https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135
https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L198
3.5:
https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135
https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196
2.1.17:
https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122
Reporter: Gil Tene
While checksums are (generally) performed on compressed data, the checksum test
when reading is currently (in all variants of C* 2.x, 3.x I've looked at) done
[on the compressed data] only after the uncompress operation has completed.
The issue here is that LZ4_decompress_fast (as documented in e.g.
https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214) can result in memory
overruns when provided with malformed source data. This in turn can (and does,
e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of corrupted
chunks. The checksum operation would obviously detect the issue, but we'd never
get to it if the JVM crashes first.
Moving the checksum test of the compressed data to before the uncompress
operation (in cases where the checksum is done on compressed data) will resolve
this issue.