Github user liurenjie1024 commented on the pull request:
https://github.com/apache/storm/pull/1316#issuecomment-206713335
As I have mentioned in the bug report, the reason why the NPE happens is that Storm
is vulnerable to fraud messages from processes outside the cluster. To
reproduce the NPE, you just need to send a message [taskid 0] to [host]:[port]
from anywhere, where taskid is the id of one of the tasks running on [host]:[port].
In this case, Storm will return a TaskMessage with payload set to null to the
deserializer.
Storm does not check whether the task message is from processes within the
cluster, so deserialization may fail. I think Storm should skip the fraud task
message rather than shutting down the worker when deserialization fails.
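The behaviour the comment asks for, skipping a task message that cannot be deserialized instead of letting the exception stop the worker, sketched as an added example that is not part of the comment or of Storm's code. `TaskMessage`, `deserialize`, `receive` and the `dropped` counter are hypothetical stand-ins, not Storm's own classes or APIs.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Hypothetical stand-ins for illustration; not Storm's classes.
public class SkipBadTaskMessages {
    record TaskMessage(int task, byte[] payload) {}

    static int dropped = 0; // a real worker would export this as a metric

    // Stand-in deserializer: like the case in the comment, a null payload
    // makes it throw a NullPointerException.
    static String deserialize(byte[] payload) {
        return new String(payload, StandardCharsets.UTF_8);
    }

    // Decodes a batch of received messages. A message with no payload, or one
    // whose payload fails to deserialize, is counted and skipped so that one
    // bad message cannot take the whole worker down.
    static List<String> receive(List<TaskMessage> batch) {
        List<String> out = new ArrayList<>();
        for (TaskMessage m : batch) {
            if (m == null || m.payload() == null) {
                dropped++; // nothing to deserialize: skip before the NPE can occur
                continue;
            }
            try {
                out.add(deserialize(m.payload()));
            } catch (RuntimeException e) {
                dropped++; // malformed payload: record and skip, do not rethrow
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample batch: one valid message and one with a null
        // payload, the shape the comment says reaches the deserializer.
        List<TaskMessage> batch = new ArrayList<>();
        batch.add(new TaskMessage(0, "tuple-1".getBytes(StandardCharsets.UTF_8)));
        batch.add(new TaskMessage(0, null));
        List<String> decoded = receive(batch);
        System.out.println("decoded=" + decoded + " dropped=" + dropped);
    }
}
```

Skipping keeps the worker alive, but it does not address the missing origin check the comment also describes; a rising drop count is the signal to look for unexpected senders.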