[
https://issues.apache.org/jira/browse/HDFS-16007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17340248#comment-17340248
]
junwen yang commented on HDFS-16007:
------------------------------------
[~vjasani] yes, adding the index information is what I mean. Since if in the
new version, a new value is appended, then the index will be the original
length + 1, if it's sent to the old version, it will cause the arrayoutofbound
error.
> Vulnerabilities found when serializing enum value
> -------------------------------------------------
>
> Key: HDFS-16007
> URL: https://issues.apache.org/jira/browse/HDFS-16007
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: junwen yang
> Assignee: Viraj Jasani
> Priority: Major
>
> ReplicaState enum is using ordinal to conduct serialization and
> deserialization, which is vulnerable to the order, to cause issues similar to
> HDFS-15624.
> To avoid it, either adding comments to let later developer not to change this
> enum, or add index checking in the read and getState function to avoid index
> out of bound error.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
