[jira] [Commented] (LUCENE-4196) Turn asserts in I/O related code into hard checks

Thu, 05 Jul 2012 08:04:38 -0700 

    [ 
https://issues.apache.org/jira/browse/LUCENE-4196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13407194#comment-13407194
 ] 

Robert Muir commented on LUCENE-4196:
-------------------------------------

I agree, sometimes I added asserts that I feel should be real checks but I feel 
its safest to just do the assert.

Lucene3xNormsProducer:119 is an example. if it fails it means you have a 
corrumpt .nrm file with wrong norms mismatched
for different fields.
                
> Turn asserts in I/O related code into hard checks
> -------------------------------------------------
>
>                 Key: LUCENE-4196
>                 URL: https://issues.apache.org/jira/browse/LUCENE-4196
>             Project: Lucene - Java
>          Issue Type: Task
>          Components: core/index
>    Affects Versions: 4.0-ALPHA
>            Reporter: Uwe Schindler
>             Fix For: 4.0
>
>
> In lots of codecs we only assert, that e.g. some things inside files are 
> correctly in bounds, which leads to security problems (ok, not as bad as 
> C-Style buffer overflows), but e.g. allocating a large array after reading a 
> VInt from a file header and then OOM, is a security issue. So we have to 
> check all those contracts for files as hard checks, especially as a simply 
> check in most cases dont cost anything (and it costs not more than the assert 
> itsself, as the assert also takes CPU power, because it needs a check one 
> time on a static final class field).
> Of course we cannot check values we read when reading postings, but the 
> simple checks that any postings file has correct header and something like a 
> positive number of elements, or number of elements < file size,..., a 
> bit-fireld only contains valid bits in StoredFieldsReader, or non-duplicate 
> filenames (CFS) are very important. We had those checks in 3.x, but in 4.0, 
> Mike changed all of those to asserts during the flex development (in my 
> opinion with no real reason).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to