Anton Vinogradov created IGNITE-28854:
-----------------------------------------
Summary: CompressedMessageSerializer.readFrom() spins forever on a
null chunk from a corrupted or incompatible peer
Key: IGNITE-28854
URL: https://issues.apache.org/jira/browse/IGNITE-28854
Project: Ignite
Issue Type: Task
Reporter: Anton Vinogradov
Assignee: Dmitry Werner
In CompressedMessageSerializer.readFrom(), state 2 reads the next compressed
chunk:
msg.chunk = reader.readByteArray();
if (!reader.isLastRead())
return false;
if (msg.chunk != null) \{ ... reader.decrementState(); ... }
DirectByteBufferStream.readByteArray() returns null (with lastFinished == true)
when the wire contains the null-array marker (length == -1). A well-behaved
sender never writes null at this position (writeTo() only enters state 2 with a
non-null chunk), but a corrupted stream or a malicious/incompatible peer can
produce it: the -1 length is accepted, the null branch does not advance the
reader state, and the while(true) loop re-executes state 2 forever - the
grid-nio worker thread spins at 100% CPU and its stripe stops processing
messages, effectively degrading the whole node.
The defect predates IGNITE-28853 (the master version with the direct-buffer
accumulator has the identical structure).
Fix: treat a null chunk at this protocol position as a protocol violation -
throw IgniteException with a descriptive message instead of silently looping.
The exception propagates out of message decoding and the connection is closed,
which is the correct outcome for a corrupted stream.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)