[jira] [Updated] (CASSANDRA-14284) Chunk checksum test needs to occur before uncompress to avoid JVM crash

Wed, 28 Mar 2018 10:37:33 -0700 

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-14284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Anonymous updated CASSANDRA-14284:
----------------------------------
    Status: Ready to Commit  (was: Patch Available)

> Chunk checksum test needs to occur before uncompress to avoid JVM crash
> -----------------------------------------------------------------------
>
>                 Key: CASSANDRA-14284
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14284
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>         Environment: The check-only-after-doing-the-decompress logic appears 
> to be in all current releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>  
> 3.5:
>  
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>  
> [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]
>  
>            Reporter: Gil Tene
>            Assignee: Benjamin Lerer
>            Priority: Major
>
> While checksums are (generally) performed on compressed data, the checksum 
> test when reading is currently (in all variants of C* 2.x, 3.x I've looked 
> at) done [on the compressed data] only after the uncompress operation has 
> completed. 
> The issue here is that LZ4_decompress_fast (as documented in e.g. 
> [https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214)] can result in memory 
> overruns when provided with malformed source data. This in turn can (and 
> does, e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of 
> corrupted chunks. The checksum operation would obviously detect the issue, 
> but we'd never get to it if the JVM crashes first.
> Moving the checksum test of the compressed data to before the uncompress 
> operation (in cases where the checksum is done on compressed data) will 
> resolve this issue.
> -----------------------------
> The check-only-after-doing-the-decompress logic appears to be in all current 
> releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>  
> 3.5:
>  
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>  
> [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to