Anton Vinogradov created IGNITE-28854:
-----------------------------------------

             Summary: CompressedMessageSerializer.readFrom() spins forever on a null chunk from a corrupted or incompatible peer
                 Key: IGNITE-28854
                 URL: https://issues.apache.org/jira/browse/IGNITE-28854
             Project: Ignite
          Issue Type: Task
            Reporter: Anton Vinogradov
            Assignee: Dmitry Werner


In CompressedMessageSerializer.readFrom(), state 2 reads the next compressed 
chunk:

    msg.chunk = reader.readByteArray();

    if (!reader.isLastRead())
        return false;

    if (msg.chunk != null) { ... reader.decrementState(); ... }

DirectByteBufferStream.readByteArray() returns null (with lastFinished == true) 
when the wire contains the null-array marker (length == -1). A well-behaved 
sender never writes null at this position (writeTo() only enters state 2 with a 
non-null chunk), but a corrupted stream or a malicious/incompatible peer can 
produce it: the -1 length is accepted, the null branch does not advance the 
reader state, and the while(true) loop re-executes state 2 forever - the 
grid-nio worker thread spins at 100% CPU and its stripe stops processing 
messages, effectively degrading the whole node.

The defect predates IGNITE-28853 (the master version with the direct-buffer 
accumulator has the identical structure).

Fix: treat a null chunk at this protocol position as a protocol violation - 
throw IgniteException with a descriptive message instead of silently looping. 
The exception propagates out of message decoding and the connection is closed, 
which is the correct outcome for a corrupted stream.
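A stand-alone model of the spin and of the proposed fix, added here as an illustration and not taken from Ignite's code: FakeReader is an assumed stand-in for Ignite's MessageReader that decodes every read as the null-array marker, and IllegalStateException stands in for IgniteException so the file compiles without Ignite on the classpath.

```java
// Added model of the state-2 loop in CompressedMessageSerializer.readFrom(); not Ignite's code.
public class NullChunkSpinDemo {
    /** Assumed stand-in for MessageReader: every readByteArray() decodes the null-array marker. */
    static final class FakeReader {
        private int state = 2;      // readFrom() has already finished states 0 and 1
        private boolean lastRead;

        byte[] readByteArray() {
            lastRead = true;        // the -1 length fit in the buffer, so the read "finished"
            return null;            // ...but it decodes to a null chunk
        }
        boolean isLastRead() { return lastRead; }
        int state() { return state; }
        void decrementState() { state--; }
    }

    /** Original structure: the null branch never touches the state, so state 2 repeats. */
    static int iterationsUntilGuard(FakeReader reader, int maxIterations) {
        int iterations = 0;
        while (true) {
            if (++iterations > maxIterations)
                return iterations;          // demo-only guard; the real loop has no such exit
            if (reader.state() != 2)
                return iterations;          // state 2 done (never reached with a null chunk)
            byte[] chunk = reader.readByteArray();
            if (!reader.isLastRead())
                return iterations;          // 'return false' in Ignite: wait for more bytes
            if (chunk != null)
                reader.decrementState();    // only a real chunk advances the state machine
        }
    }

    /** Proposed fix: a null chunk at this protocol position is a protocol violation. */
    static boolean readChunkFixed(FakeReader reader) {
        byte[] chunk = reader.readByteArray();
        if (!reader.isLastRead())
            return false;                   // genuinely incomplete read: retry later as before
        if (chunk == null)                  // never written by a well-behaved sender
            throw new IllegalStateException(
                "Null compressed chunk received: corrupted stream or incompatible peer");
        reader.decrementState();
        return true;
    }

    public static void main(String[] args) {
        System.out.println("buggy loop: guard tripped after " + iterationsUntilGuard(new FakeReader(), 10_000) + " iterations");
        try { readChunkFixed(new FakeReader()); }
        catch (IllegalStateException e) { System.out.println("fixed: " + e.getMessage()); }
    }
}
```

Without the guard the first method never returns, which is exactly the grid-nio worker behaviour described above; the second method surfaces the violation so the connection can be closed.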



--
This message was sent by Atlassian Jira
(v8.20.10#820010)