cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbel...@apache.org
Subject svn commit: r828922 - in /incubator/cassandra/trunk/src/java/org/apache/cassandra: db/ColumnSerializer.java db/SuperColumn.java utils/FBUtilities.java
Date Fri, 23 Oct 2009 03:06:46 GMT
Author: jbellis
Date: Fri Oct 23 03:06:46 2009
New Revision: 828922

URL: http://svn.apache.org/viewvc?rev=828922&view=rev
Log:
add checks for obviously bogus values read
patch by jbellis; reviewed by junrao for CASSANDRA-466

Modified:
    incubator/cassandra/trunk/src/java/org/apache/cassandra/db/ColumnSerializer.java
    incubator/cassandra/trunk/src/java/org/apache/cassandra/db/SuperColumn.java
    incubator/cassandra/trunk/src/java/org/apache/cassandra/utils/FBUtilities.java

Modified: incubator/cassandra/trunk/src/java/org/apache/cassandra/db/ColumnSerializer.java
URL: http://svn.apache.org/viewvc/incubator/cassandra/trunk/src/java/org/apache/cassandra/db/ColumnSerializer.java?rev=828922&r1=828921&r2=828922&view=diff
==============================================================================
--- incubator/cassandra/trunk/src/java/org/apache/cassandra/db/ColumnSerializer.java (original)
+++ incubator/cassandra/trunk/src/java/org/apache/cassandra/db/ColumnSerializer.java Fri Oct
23 03:06:46 2009
@@ -31,7 +31,7 @@
     public static void writeName(byte[] name, DataOutput out)
     {
         int length = name.length;
-        assert length <= IColumn.MAX_NAME_LENGTH;
+        assert 0 <= length && length <= IColumn.MAX_NAME_LENGTH;
         try
         {
             out.writeByte((length >> 8) & 0xFF);
@@ -49,6 +49,8 @@
         int length = 0;
         length |= (in.readByte() & 0xFF) << 8;
         length |= in.readByte() & 0xFF;
+        if (!(0 <= length && length <= IColumn.MAX_NAME_LENGTH))
+            throw new IOException("Corrupt name length " + length);
         byte[] bytes = new byte[length];
         in.readFully(bytes);
         return bytes;
@@ -74,7 +76,16 @@
         byte[] name = ColumnSerializer.readName(dis);
         boolean delete = dis.readBoolean();
         long ts = dis.readLong();
-        byte[] value = FBUtilities.readByteArray(dis);
+        int length = dis.readInt();
+        if (length < 0)
+        {
+            throw new IOException("Corrupt (negative) value length encountered");
+        }
+        byte[] value = new byte[length];
+        if (length > 0)
+        {
+            dis.readFully(value);
+        }
         return new Column(name, value, ts, delete);
     }
 }

Modified: incubator/cassandra/trunk/src/java/org/apache/cassandra/db/SuperColumn.java
URL: http://svn.apache.org/viewvc/incubator/cassandra/trunk/src/java/org/apache/cassandra/db/SuperColumn.java?rev=828922&r1=828921&r2=828922&view=diff
==============================================================================
--- incubator/cassandra/trunk/src/java/org/apache/cassandra/db/SuperColumn.java (original)
+++ incubator/cassandra/trunk/src/java/org/apache/cassandra/db/SuperColumn.java Fri Oct 23
03:06:46 2009
@@ -350,7 +350,12 @@
     {
         byte[] name = ColumnSerializer.readName(dis);
         SuperColumn superColumn = new SuperColumn(name, comparator);
-        superColumn.markForDeleteAt(dis.readInt(), dis.readLong());
+        int localDeleteTime = dis.readInt();
+        if (localDeleteTime != Integer.MIN_VALUE && localDeleteTime <= 0)
+        {
+            throw new IOException("Invalid localDeleteTime read: " + localDeleteTime);
+        }
+        superColumn.markForDeleteAt(localDeleteTime, dis.readLong());
 
         /* read the number of columns */
         int size = dis.readInt();

Modified: incubator/cassandra/trunk/src/java/org/apache/cassandra/utils/FBUtilities.java
URL: http://svn.apache.org/viewvc/incubator/cassandra/trunk/src/java/org/apache/cassandra/utils/FBUtilities.java?rev=828922&r1=828921&r2=828922&view=diff
==============================================================================
--- incubator/cassandra/trunk/src/java/org/apache/cassandra/utils/FBUtilities.java (original)
+++ incubator/cassandra/trunk/src/java/org/apache/cassandra/utils/FBUtilities.java Fri Oct
23 03:06:46 2009
@@ -200,17 +200,6 @@
         out.write(bytes);
     }
 
-    public static byte[] readByteArray(DataInput in) throws IOException
-    {
-        int length = in.readInt();
-        byte[] bytes = new byte[length];
-        if (length > 0)
-        {
-            in.readFully(bytes);
-        }
-        return bytes;
-    }
-    
     public static byte[] hexToBytes(String str)
     {
         assert str.length() % 2 == 0;



Mime
View raw message