Uwe Schindler created LUCENE-4196:
-------------------------------------
Summary: Turn asserts in I/O related code into hard checks
Key: LUCENE-4196
URL: https://issues.apache.org/jira/browse/LUCENE-4196
Project: Lucene - Java
Issue Type: Task
Components: core/index
Affects Versions: 4.0-ALPHA
Reporter: Uwe Schindler
Fix For: 4.0
In lots of codecs we only assert, that e.g. some things inside files are
correctly in bounds, which leads to security problems (ok, not as bad as
C-Style buffer overflows), but e.g. allocating a large array after reading a
VInt from a file header and then OOM, is a security issue. So we have to check
all those contracts for files as hard checks, especially as a simply check in
most cases dont cost anything (and it costs not more than the assert itsself,
as the assert also takes CPU power, because it needs a check one time on a
static final class field).
Of course we cannot check values we read when reading postings, but the simple
checks that any postings file has correct header and something like a positive
number of elements, or number of elements < file size,..., a bit-fireld only
contains valid bits in StoredFieldsReader, or non-duplicate filenames (CFS) are
very important. We had those checks in 3.x, but in 4.0, Mike changed all of
those to asserts during the flex development (in my opinion with no real
reason).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
