Nadav Har'El created CASSANDRA-21401:
----------------------------------------

             Summary: Aggregation on "decimal" column can DoS on extreme scale differences
                 Key: CASSANDRA-21401
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-21401
             Project: Apache Cassandra
          Issue Type: Bug
            Reporter: Nadav Har'El


After fixing CASSANDRA-15232 in commit
https://github.com/apache/cassandra/commit/d60e7988736ed4358595e9c781b110a5bbb5f812
when arithmetic operators take "decimal" operands of wildly different
scales, for example adding 1 and 1e500000000, Cassandra limits the
result's precision to only MAX_PRECISION = 10,000 decimal digits. This
prevents us from needing to generate a result with 500 million digits,
which takes forever and is also likely to OOM.
 
However, it seems this fix was forgotten in the aggregation code, where
MAX_PRECISION is not used. This was actually noticed in the past (see a comment
in https://issues.apache.org/jira/browse/CASSANDRA-18470) but never fixed, and
an issue wasn't opened for it.
 
The following Python test sends a tiny request that causes Cassandra to compute with
500 million digits and never finish (at least, not until the timeout):
 
from decimal import Decimal

MAX_PRECISION = 10000  # Cassandra's limit for decimal arithmetic results

# cql is a connected driver session; table is an existing table with
# primary key p (int) and a "decimal" column c.
stmt = cql.prepare(f"INSERT INTO {table} (p, c) VALUES (?, ?)")
cql.execute(stmt, [3, Decimal('1e' + str(MAX_PRECISION + 2))])
cql.execute(stmt, [4, Decimal('1')])
cql.execute(f"SELECT sum(c) FROM {table} WHERE p IN (3, 4)")
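The following example is added here and is not part of the Jira report or of Cassandra's code. It illustrates the report's point: an exact decimal sum of operands with wildly different scales needs roughly (largest exponent - smallest exponent) digits, which is how 1e500000000 + 1 becomes a 500-million-digit result, while a precision-bounded sum (the MathContext-style limit the report says the arithmetic operators already use) stays small. The function names, MAX_PRECISION = 10000 and the sample operands are assumptions mirroring the values in the report; Python's decimal module stands in for Java's BigDecimal.

```python
from decimal import Decimal, Context, MAX_EMAX, MIN_EMIN

# Assumed to match the MAX_PRECISION limit the report cites (10,000 decimal digits).
MAX_PRECISION = 10000


def _dec(x):
    """Accept a str or Decimal and return a Decimal (construction never rounds)."""
    return x if isinstance(x, Decimal) else Decimal(x)


def exact_sum_digits(a, b):
    """Digits an *exact* a + b needs, computed without materialising the sum.

    An exact add (BigDecimal.add semantics) keeps scale = max(scale_a, scale_b),
    so the result spans from the larger leading-digit exponent down to the
    smaller trailing-digit exponent.  A carry can add one more digit, so this
    is exact when no carry occurs and otherwise one short.
    """
    a, b = _dec(a), _dec(b)
    hi = max(a.adjusted(), b.adjusted())                   # exponent of the leading digit
    lo = min(a.as_tuple().exponent, b.as_tuple().exponent)  # exponent of the trailing digit
    return hi - lo + 1


def would_exceed_limit(a, b, limit=MAX_PRECISION):
    """True when an exact sum would need more than `limit` digits, i.e. the
    unbounded path the report describes for aggregation would be taken."""
    return exact_sum_digits(a, b) > limit


# Context analogous to a MathContext(MAX_PRECISION): results are rounded to at
# most MAX_PRECISION significant digits.  Emax/Emin are widened so that the
# huge exponents from the report do not trip the default overflow trap.
BOUNDED = Context(prec=MAX_PRECISION, Emax=MAX_EMAX, Emin=MIN_EMIN)


def bounded_sum(a, b):
    """a + b rounded to MAX_PRECISION digits.  The decimal module only aligns
    operands as far as the precision requires, so 1e500000000 + 1 is cheap."""
    return BOUNDED.add(_dec(a), _dec(b))


def digits_of(d):
    """Number of coefficient digits actually stored for a Decimal."""
    return len(d.as_tuple().digits)


if __name__ == "__main__":
    # Constructed sample operands: one within the limit, the report's test
    # value (1e10002), and the 1e500000000 case from the description.
    for x, y in (("1e10", "1"), ("1e10002", "1"), ("1e500000000", "1")):
        print(f"{x} + {y}: exact needs {exact_sum_digits(x, y):,} digits "
              f"(exceeds limit: {would_exceed_limit(x, y)}), "
              f"bounded result stores {digits_of(bounded_sum(x, y))} digits")
```

The useful check for a reviewer is `would_exceed_limit`: any code path that adds decimals without a precision bound, the aggregation path in the report being one, is reachable with an input of a few bytes that forces a result of hundreds of millions of digits, so the defence belongs at the arithmetic, not at request size.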



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
