[ https://issues.apache.org/jira/browse/CASSANDRA-14284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benjamin Lerer resolved CASSANDRA-14284. ---------------------------------------- Resolution: Fixed Fix Version/s: 3.11.3 3.0.17 2.2.13 2.1.21 4.0 Committed into 2.1 at 34a1d5da58fb8edcad39633084541bb4162f5ede and merged into 2.2, 3.0, 3.11 and trunk. > Chunk checksum test needs to occur before uncompress to avoid JVM crash > ----------------------------------------------------------------------- > > Key: CASSANDRA-14284 > URL: https://issues.apache.org/jira/browse/CASSANDRA-14284 > Project: Cassandra > Issue Type: Bug > Components: Core > Environment: The check-only-after-doing-the-decompress logic appears > to be in all current releases. > Here are some samples at different evolution points : > 3.11.2: > [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146] > https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207 > > 3.5: > > [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135] > [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196] > 2.1.17: > > [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122] > > Reporter: Gil Tene > Assignee: Benjamin Lerer > Priority: Major > Fix For: 4.0, 2.1.21, 2.2.13, 3.0.17, 3.11.3 > > > While checksums are (generally) performed on compressed data, the checksum > test when reading is currently (in all variants of C* 2.x, 3.x I've looked > at) done [on the compressed data] only after the uncompress operation has > completed. > The issue here is that LZ4_decompress_fast (as documented in e.g. > [https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214)] can result in memory > overruns when provided with malformed source data. This in turn can (and > does, e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of > corrupted chunks. The checksum operation would obviously detect the issue, > but we'd never get to it if the JVM crashes first. > Moving the checksum test of the compressed data to before the uncompress > operation (in cases where the checksum is done on compressed data) will > resolve this issue. > ----------------------------- > The check-only-after-doing-the-decompress logic appears to be in all current > releases. > Here are some samples at different evolution points : > 3.11.2: > [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146] > https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207 > > 3.5: > > [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135] > [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196] > 2.1.17: > > [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122] -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org