cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gil Tene (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-14284) Chunk checksum test needs to occur before uncompress to avoid JVM crash
Date Wed, 28 Mar 2018 15:41:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-14284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16417573#comment-16417573
] 

Gil Tene commented on CASSANDRA-14284:
--------------------------------------

The patch for 2.1 has an issue, I think: 2.1 (unlike the later versions) seems to support
checksumming o either the compressed or uncompressed data (depending on what metadata.hasPostCompressionAdlerChecksums
indicates). Only the checksum test of the compressed data can be moved to before the uncompress.
The checksum in the uncompressed case has to remain after the uncompress.

> Chunk checksum test needs to occur before uncompress to avoid JVM crash
> -----------------------------------------------------------------------
>
>                 Key: CASSANDRA-14284
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14284
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>         Environment: The check-only-after-doing-the-decompress logic appears to be in
all current releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>  
> 3.5:
>  [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>  [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]
>  
>            Reporter: Gil Tene
>            Assignee: Benjamin Lerer
>            Priority: Major
>
> While checksums are (generally) performed on compressed data, the checksum test when
reading is currently (in all variants of C* 2.x, 3.x I've looked at) done [on the compressed
data] only after the uncompress operation has completed. 
> The issue here is that LZ4_decompress_fast (as documented in e.g. [https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214)] can
result in memory overruns when provided with malformed source data. This in turn can (and
does, e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of corrupted chunks.
The checksum operation would obviously detect the issue, but we'd never get to it if the JVM
crashes first.
> Moving the checksum test of the compressed data to before the uncompress operation (in
cases where the checksum is done on compressed data) will resolve this issue.
> -----------------------------
> The check-only-after-doing-the-decompress logic appears to be in all current releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>  
> 3.5:
>  [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>  [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


Mime
View raw message