[jira] [Updated] (HDFS-16007) Deserialization of ReplicaState should avoid throwing ArrayIndexOutOfBoundsException

Akira Ajisaka (Jira) Mon, 10 May 2021 20:39:10 -0700


     [ 
https://issues.apache.org/jira/browse/HDFS-16007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Akira Ajisaka updated HDFS-16007:
---------------------------------
    Summary: Deserialization of ReplicaState should avoid throwing 
ArrayIndexOutOfBoundsException  (was: Vulnerabilities found when serializing 
enum value)

> Deserialization of ReplicaState should avoid throwing 
> ArrayIndexOutOfBoundsException
> ------------------------------------------------------------------------------------
>
>                 Key: HDFS-16007
>                 URL: https://issues.apache.org/jira/browse/HDFS-16007
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: junwen yang
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> ReplicaState enum is using ordinal to conduct serialization and 
> deserialization, which is vulnerable to the order, to cause issues similar to 
> HDFS-15624.
> To avoid it, either adding comments to let later developer not to change this 
> enum, or add index checking in the read and getState function to avoid index 
> out of bound error. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (HDFS-16007) Deserialization of ReplicaState should avoid throwing ArrayIndexOutOfBoundsException

Reply via email to