cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benjamin Lerer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-14284) Chunk checksum test needs to occur before uncompress to avoid JVM crash
Date Thu, 29 Mar 2018 12:56:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-14284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16418943#comment-16418943
] 

Benjamin Lerer commented on CASSANDRA-14284:
--------------------------------------------

[~blambov], [~giltene] Thanks for the reviews. I completely missed the pre-compression checksum
logic in 2.1.

I force pushed some new patches for [2.1|https://github.com/apache/cassandra/compare/cassandra-2.1...blerer:14284-2.1]
, [3.1|https://github.com/apache/cassandra/compare/cassandra-3.11...blerer:14284-3.11], and
[trunk|https://github.com/apache/cassandra/compare/trunk...blerer:14284-trunk] that address
the different problems.

> Chunk checksum test needs to occur before uncompress to avoid JVM crash
> -----------------------------------------------------------------------
>
>                 Key: CASSANDRA-14284
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14284
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>         Environment: The check-only-after-doing-the-decompress logic appears to be in
all current releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>  
> 3.5:
>  [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>  [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]
>  
>            Reporter: Gil Tene
>            Assignee: Benjamin Lerer
>            Priority: Major
>
> While checksums are (generally) performed on compressed data, the checksum test when
reading is currently (in all variants of C* 2.x, 3.x I've looked at) done [on the compressed
data] only after the uncompress operation has completed. 
> The issue here is that LZ4_decompress_fast (as documented in e.g. [https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214)] can
result in memory overruns when provided with malformed source data. This in turn can (and
does, e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of corrupted chunks.
The checksum operation would obviously detect the issue, but we'd never get to it if the JVM
crashes first.
> Moving the checksum test of the compressed data to before the uncompress operation (in
cases where the checksum is done on compressed data) will resolve this issue.
> -----------------------------
> The check-only-after-doing-the-decompress logic appears to be in all current releases.
> Here are some samples at different evolution points :
> 3.11.2:
> [https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146]
> https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207
>  
> 3.5:
>  [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196]
> 2.1.17:
>  [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


Mime
View raw message