Avihai Berkovitz created FLINK-6044:
---------------------------------------
Summary: TypeSerializerSerializationProxy.read() doesn't verify
the read buffer length
Key: FLINK-6044
URL: https://issues.apache.org/jira/browse/FLINK-6044
Project: Flink
Issue Type: Bug
Components: Type Serialization System
Affects Versions: 1.2.0
Environment: Ubuntu server 12.04.5 64 bit
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)
Reporter: Avihai Berkovitz
Priority: Critical
The read() method of TypeSerializerSerializationProxy creates a buffers and
tries to fill it by calling the read() method of the given DataInputView, but
never checks the return value. The actual size read from the stream might be
smaller than the buffer size, and the rest of the buffer is filled with zeroes,
causing the deserialization to fail.
It happened to me using a RocksDB state backend backed by S3. The setup was
done according to
https://ci.apache.org/projects/flink/flink-docs-release-1.2/setup/aws.html#s3-simple-storage-service
and everything worked correctly until I upgraded to Flink 1.2.0.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
