[
https://issues.apache.org/jira/browse/CASSANDRA-14752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16617276#comment-16617276
]
Varun Barala edited comment on CASSANDRA-14752 at 9/17/18 9:32 AM:
-------------------------------------------------------------------
I found there are too many usages of `AbstractCompositeType#fromString()`.
One way to corrupt the data:-
Table schema:-
{code:java}
CREATE TABLE ks1.table1 (
t_id boolean,
id boolean,
ck boolean,
nk boolean,
PRIMARY KEY ((t_id,id),ck)
);{code}
Insert statement:-
{code:java}
insert into ks1.table1 (t_id, ck, id, nk)
VALUES (true, false, false, true);
{code}
Now run nodetool command to get the SSTable for given key:-
{code:java}
bin/nodetool getsstables ks1 table1 "false:true"
{code}
Basically, this operation will modify the positions.
Insert again:-
{code:java}
insert into ks1.table1 (t_id, ck, id, nk)
VALUES (true, true, false, true);
{code}
select data from this table:-
{code:java}
true,false,false,true
null,null,null,null
{code}
So now all boolean type data will be written as null.
was (Author: varuna):
I found there are too many usages of `AbstractCompositeType#fromString()`.
One way to corrupt the data:-
Table schema:-
{code:java}
CREATE TABLE ks1.table1 (
t_id boolean,
id boolean,
ck boolean,
nk boolean,
PRIMARY KEY ((t_id,id),ck)
);{code}
Insert statement:-
{code:java}
insert into ks1.table1 (tenant_id, ck, id, nk)
VALUES (true, false, false, true);
{code}
Now run nodetool command to get the SSTable for given key:-
{code:java}
bin/nodetool getsstables ks1 table1 "false:true"
{code}
Basically, this operation will modify the positions.
Insert again:-
{code:java}
insert into ks1.table1 (tenant_id, ck, id, nk)
VALUES (true, true, false, true);
{code}
select data from this table:-
{code:java}
true,false,false,true
null,null,null,null
{code}
So now all boolean type data will be written as null.
> serializers/BooleanSerializer.java is using static bytebuffers which may
> cause problem for subsequent operations
> ----------------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-14752
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14752
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Reporter: Varun Barala
> Priority: Major
> Attachments: patch, patch-modified
>
>
> [https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/serializers/BooleanSerializer.java#L26]
> It has two static Bytebuffer variables:-
> {code:java}
> private static final ByteBuffer TRUE = ByteBuffer.wrap(new byte[]{1});
> private static final ByteBuffer FALSE = ByteBuffer.wrap(new byte[]{0});{code}
> What will happen if the position of these Bytebuffers is being changed by
> some other operations? It'll affect other subsequent operations. IMO Using
> static is not a good idea here.
> A potential place where it can become problematic:
> [https://github.com/apache/cassandra/blob/cassandra-2.1.13/src/java/org/apache/cassandra/db/marshal/AbstractCompositeType.java#L243]
> Since we are calling *`.remaining()`* It may give wrong results _i.e 0_ if
> these Bytebuffers have been used previously.
> Solution:
>
> [https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/serializers/BooleanSerializer.java#L42]
> Every time we return new bytebuffer object. Please do let me know If there
> is a better way. I'd like to contribute. Thanks!!
> {code:java}
> public ByteBuffer serialize(Boolean value)
> {
> return (value == null) ? ByteBufferUtil.EMPTY_BYTE_BUFFER
> : value ? ByteBuffer.wrap(new byte[] {1}) : ByteBuffer.wrap(new byte[] {0});
> // false
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
