cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylvain Lebresne (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-2851) hex-to-bytes conversion accepts invalid inputs silently
Date Mon, 04 Jul 2011 08:58:21 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-2851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13059362#comment-13059362
] 

Sylvain Lebresne commented on CASSANDRA-2851:
---------------------------------------------

Why would it be ok for single-character inputs and not other odd-sized inputs ? An odd-sized
input doesn't (ever) correspond to a valid byte array, so I'd say either we always silently
add a 0 to "make it fit" or we never do it. I do actually am in favor of throwing an exception
rather then coping with it silently since it's more likely to indicate a user error than to
be helpful (but maybe that addition of a '0' in front was there for a reason?).
I'll note that even though I can't imagine why people would generate odd-sized hex input,
since it is allowed so far, there is a chance someone out there does it, and it would be a
"regression" for that guy. So maybe we should target 1.0 for the sake of making minor upgrade
as smooth for everybody as can be.

On the patch side, we must make sure every consumer of hexToBytes() handles the new exception
(or make it a NumberFormatException but I don't think this is a good idea). For instance,
at least BytesType.fromString() should catch the IllegalArgumentException and rethrow a MarshalException,
otherwise CQL will crap his pants on odd-sized inputs.

> hex-to-bytes conversion accepts invalid inputs silently
> -------------------------------------------------------
>
>                 Key: CASSANDRA-2851
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2851
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.7.6, 0.8.1
>            Reporter: David Allsopp
>            Priority: Minor
>             Fix For: 0.8.2
>
>         Attachments: cassandra-2851.diff
>
>
> FBUtilities.hexToBytes() has a minor bug - it copes with single-character inputs by prepending
"0", which is OK - but it does this for any input with an odd number of characters, which
is probably incorrect.
> {noformat}
> if (str.length() % 2 == 1)
>     str = "0" + str;
> {noformat}
> Given 'fff' as an input, can we really assume that this should be '0fff'? Isn't this
just an error?
> Add the following to FBUtilitiesTest to demonstrate:
> {noformat}
> String[] badvalues = new String[]{"000", "fff"};
>        
> for (int i = 0; i < badvalues.length; i++)
>     try
>     {
>         FBUtilities.hexToBytes(badvalues[i]);
>         fail("Invalid hex value accepted"+badvalues[i]);
>     } catch (Exception e){}
> {noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message