[
https://issues.apache.org/jira/browse/MAPREDUCE-7346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yiyuan GUO updated MAPREDUCE-7346:
----------------------------------
Description:
In the file _gridmix/AvgRecordFactory.java,_ one of __ the class's constructor
has the following
[code|https://github.com/apache/hadoop/blob/trunk/hadoop-tools/hadoop-gridmix/src/main/java/org/apache/hadoop/mapred/gridmix/AvgRecordFactory.java#L63-#L68]:
{code:java}
public AvgRecordFactory(long targetBytes, long targetRecords,
Configuration conf, int minSpilledBytes) {
this.targetBytes = targetBytes;
this.targetRecords = targetRecords <= 0 && this.targetBytes >= 0
? Math.max(1,
this.targetBytes / conf.getInt(GRIDMIX_MISSING_REC_SIZE, 64 * 1024))
: targetRecords;
final long tmp = this.targetBytes / this.targetRecords;
...
}
{code}
The check in the code _targetRecords <= 0 && this.targetBytes >= 0_ is not
sufficient: when _*targetRecords == 0 && targetBytes < 0*,_ we can bypass _
_the_ _protection checking and set _this.targetRecords_ to zero, leading to a
divide by zero problem when computing _tmp._
was:
In the file _gridmix/AvgRecordFactory.java,_ one of __ the class's constructor
has the following
[code|https://github.com/apache/hadoop/blob/trunk/hadoop-tools/hadoop-gridmix/src/main/java/org/apache/hadoop/mapred/gridmix/AvgRecordFactory.java#L63-#L68]:
{code:java}
public AvgRecordFactory(long targetBytes, long targetRecords,
Configuration conf, int minSpilledBytes) {
this.targetBytes = targetBytes;
this.targetRecords = targetRecords <= 0 && this.targetBytes >= 0
? Math.max(1,
this.targetBytes / conf.getInt(GRIDMIX_MISSING_REC_SIZE, 64 * 1024))
: targetRecords;
final long tmp = this.targetBytes / this.targetRecords;
...
}
{code}
The check in the code _targetRecords <= 0 && this.targetBytes >= 0_ is not
sufficient: when _*targetRecords == 0 && targetBytes < 0*,_ we can bypass __
the __ protection checking and set _this.targetRecords_ to zero, leading to a
divide by zero problem when computing _tmp._
> [Gridmix] A potential divide by zero in AvgRecordFactory
> --------------------------------------------------------
>
> Key: MAPREDUCE-7346
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-7346
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: contrib/gridmix
> Reporter: Yiyuan GUO
> Priority: Major
> Labels: gridmix, security
>
> In the file _gridmix/AvgRecordFactory.java,_ one of __ the class's
> constructor has the following
> [code|https://github.com/apache/hadoop/blob/trunk/hadoop-tools/hadoop-gridmix/src/main/java/org/apache/hadoop/mapred/gridmix/AvgRecordFactory.java#L63-#L68]:
> {code:java}
> public AvgRecordFactory(long targetBytes, long targetRecords,
> Configuration conf, int minSpilledBytes) {
> this.targetBytes = targetBytes;
> this.targetRecords = targetRecords <= 0 && this.targetBytes >= 0
> ? Math.max(1,
> this.targetBytes / conf.getInt(GRIDMIX_MISSING_REC_SIZE, 64 * 1024))
> : targetRecords;
> final long tmp = this.targetBytes / this.targetRecords;
> ...
> }
> {code}
> The check in the code _targetRecords <= 0 && this.targetBytes >= 0_ is not
> sufficient: when _*targetRecords == 0 && targetBytes < 0*,_ we can bypass _
> _the_ _protection checking and set _this.targetRecords_ to zero, leading to
> a divide by zero problem when computing _tmp._
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
