flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-6044) TypeSerializerSerializationProxy.read() doesn't verify the read buffer length
Date Tue, 14 Mar 2017 13:50:41 GMT

    [ https://issues.apache.org/jira/browse/FLINK-6044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15924223#comment-15924223

ASF GitHub Bot commented on FLINK-6044:

Github user StefanRRichter commented on the issue:

    CC @uce @tillrohrmann 

> TypeSerializerSerializationProxy.read() doesn't verify the read buffer length
> -----------------------------------------------------------------------------
>                 Key: FLINK-6044
>                 URL: https://issues.apache.org/jira/browse/FLINK-6044
>             Project: Flink
>          Issue Type: Bug
>          Components: Type Serialization System
>    Affects Versions: 1.2.0
>         Environment: Ubuntu server 12.04.5 64 bit
> java version "1.8.0_111"
> Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
> Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)
>            Reporter: Avihai Berkovitz
>            Assignee: Stefan Richter
>            Priority: Critical
> The read() method of TypeSerializerSerializationProxy creates a buffers and tries to
fill it by calling the read() method of the given DataInputView, but never checks the return
value. The actual size read from the stream might be smaller than the buffer size, and the
rest of the buffer is filled with zeroes, causing the deserialization to fail.
> It happened to me using a RocksDB state backend backed by S3. The setup was done according
to https://ci.apache.org/projects/flink/flink-docs-release-1.2/setup/aws.html#s3-simple-storage-service
and everything worked correctly until I upgraded to Flink 1.2.0.

This message was sent by Atlassian JIRA

View raw message