[
https://issues.apache.org/jira/browse/CASSANDRA-14284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benjamin Lerer resolved CASSANDRA-14284.
----------------------------------------
Resolution: Fixed
Fix Version/s: 3.11.3
3.0.17
2.2.13
2.1.21
4.0
Committed into 2.1 at 34a1d5da58fb8edcad39633084541bb4162f5ede and merged into
2.2, 3.0, 3.11 and trunk.
> Chunk checksum test needs to occur before uncompress to avoid JVM crash
> -----------------------------------------------------------------------
>
> Key: CASSANDRA-14284
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14284
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Environment: The check-only-after-doing-the-decompress logic appears
> to be in all current releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>
> 3.5:
>
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>
> [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]
>
> Reporter: Gil Tene
> Assignee: Benjamin Lerer
> Priority: Major
> Fix For: 4.0, 2.1.21, 2.2.13, 3.0.17, 3.11.3
>
>
> While checksums are (generally) performed on compressed data, the checksum
> test when reading is currently (in all variants of C* 2.x, 3.x I've looked
> at) done [on the compressed data] only after the uncompress operation has
> completed.
> The issue here is that LZ4_decompress_fast (as documented in e.g.
> [https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214)] can result in memory
> overruns when provided with malformed source data. This in turn can (and
> does, e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of
> corrupted chunks. The checksum operation would obviously detect the issue,
> but we'd never get to it if the JVM crashes first.
> Moving the checksum test of the compressed data to before the uncompress
> operation (in cases where the checksum is done on compressed data) will
> resolve this issue.
> -----------------------------
> The check-only-after-doing-the-decompress logic appears to be in all current
> releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>
> 3.5:
>
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>
> [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
