[ https://issues.apache.org/jira/browse/CASSANDRA-2851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13059362#comment-13059362 ]

Sylvain Lebresne commented on CASSANDRA-2851:
---------------------------------------------

Why would it be ok for single-character inputs and not other odd-sized inputs? 
An odd-sized input doesn't (ever) correspond to a valid byte array, so I'd say 
either we always silently add a 0 to "make it fit" or we never do it. I 
actually am in favor of throwing an exception rather than coping with it 
silently since it's more likely to indicate a user error than to be helpful 
(but maybe that addition of a '0' in front was there for a reason?).
I'll note that even though I can't imagine why people would generate odd-sized 
hex input, since it is allowed so far, there is a chance someone out there does 
it, and it would be a "regression" for that guy. So maybe we should target 1.0 
for the sake of making minor upgrades as smooth for everybody as can be.

On the patch side, we must make sure every consumer of hexToBytes() handles the 
new exception (or make it a NumberFormatException but I don't think this is a 
good idea). For instance, at least BytesType.fromString() should catch the 
IllegalArgumentException and rethrow a MarshalException, otherwise CQL will 
crap his pants on odd-sized inputs.

> hex-to-bytes conversion accepts invalid inputs silently
> -------------------------------------------------------
>
>                 Key: CASSANDRA-2851
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2851
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.7.6, 0.8.1
>            Reporter: David Allsopp
>            Priority: Minor
>             Fix For: 0.8.2
>
>         Attachments: cassandra-2851.diff
>
>
> FBUtilities.hexToBytes() has a minor bug - it copes with single-character 
> inputs by prepending "0", which is OK - but it does this for any input with 
> an odd number of characters, which is probably incorrect.
> {noformat}
> if (str.length() % 2 == 1)
>     str = "0" + str;
> {noformat}
> Given 'fff' as an input, can we really assume that this should be '0fff'? 
> Isn't this just an error?
> Add the following to FBUtilitiesTest to demonstrate:
> {noformat}
> String[] badvalues = new String[]{"000", "fff"};
>        
> for (int i = 0; i < badvalues.length; i++)
>     try
>     {
>         FBUtilities.hexToBytes(badvalues[i]);
>         fail("Invalid hex value accepted: " + badvalues[i]);
>     } catch (Exception e){}
> {noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
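
A strict decoder along the lines discussed in this thread, as an added example that is not the attached patch or Cassandra's own code: odd-length input raises IllegalArgumentException instead of being padded, and the string-parsing caller rethrows it as a checked error. The MarshalException class here is a local stand-in, and StrictHexDemo, nibble() and the sample inputs are hypothetical names and constructed values.

```java
public class StrictHexDemo
{
    // Local stand-in for a marshalling error type; not Cassandra's own class.
    static class MarshalException extends Exception
    {
        MarshalException(String msg, Throwable cause) { super(msg, cause); }
    }
    // ASCII-only hex digit value, or -1 (Character.digit would also accept non-ASCII digits).
    static int nibble(char c)
    {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }
    // Strict decoder: odd-length or non-hex input is rejected, never padded with "0".
    static byte[] hexToBytes(String str)
    {
        if (str.length() % 2 == 1)
            throw new IllegalArgumentException("odd number of hex digits: " + str.length());
        byte[] bytes = new byte[str.length() / 2];
        for (int i = 0; i < bytes.length; i++)
        {
            int hi = nibble(str.charAt(2 * i));
            int lo = nibble(str.charAt(2 * i + 1));
            if (hi < 0 || lo < 0)
                throw new IllegalArgumentException("non-hex character in byte " + i);
            bytes[i] = (byte) ((hi << 4) | lo);
        }
        return bytes;
    }
    // Parsing boundary: turn the unchecked exception into a checked error the caller must handle.
    static byte[] fromString(String source) throws MarshalException
    {
        try { return hexToBytes(source); }
        catch (IllegalArgumentException e)
        {
            throw new MarshalException("cannot parse '" + source + "' as hex bytes", e);
        }
    }
    public static void main(String[] args)
    {
        for (String input : new String[]{ "0fff", "fff", "f", "zz" }) // constructed samples
        {
            try { System.out.println(input + " -> " + java.util.Arrays.toString(fromString(input))); }
            catch (MarshalException e) { System.out.println(input + " -> rejected: " + e.getCause().getMessage()); }
        }
    }
}
```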

        
