flink-issues mailing list archives

From "Stephan Ewen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-6044) TypeSerializerSerializationProxy.read() doesn't verify the read buffer length
Date Wed, 15 Mar 2017 19:10:41 GMT

    [ https://issues.apache.org/jira/browse/FLINK-6044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15926779#comment-15926779 ]

Stephan Ewen commented on FLINK-6044:

[~srichter] I think we should try and safeguard Flink against running into the same bug again.

> TypeSerializerSerializationProxy.read() doesn't verify the read buffer length
> -----------------------------------------------------------------------------
>                 Key: FLINK-6044
>                 URL: https://issues.apache.org/jira/browse/FLINK-6044
>             Project: Flink
>          Issue Type: Bug
>          Components: Type Serialization System
>    Affects Versions: 1.2.0
>         Environment: Ubuntu server 12.04.5 64 bit
> java version "1.8.0_111"
> Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
> Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)
>            Reporter: Avihai Berkovitz
>            Assignee: Stefan Richter
>            Priority: Critical
>             Fix For: 1.3.0
> The read() method of TypeSerializerSerializationProxy creates a buffer and tries to fill it by calling the read() method of the given DataInputView, but never checks the return value. The actual size read from the stream might be smaller than the buffer size, and the rest of the buffer is filled with zeroes, causing the deserialization to fail.
> It happened to me using a RocksDB state backend backed by S3. The setup was done according to https://ci.apache.org/projects/flink/flink-docs-release-1.2/setup/aws.html#s3-simple-storage-service and everything worked correctly until I upgraded to Flink 1.2.0.

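The short-read failure described in the issue, as an added example that is not part of the JIRA thread and is not Flink's code: it uses plain `java.io` streams, and `ShortReadDemo`, `ChunkedStream`, `readUnchecked` and `readChecked` are hypothetical names. `ChunkedStream` is a constructed stand-in for a network-backed stream that returns fewer bytes per call than requested.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

public class ShortReadDemo {

    /** Constructed stand-in for a remote stream: hands out at most 3 bytes per read call. */
    static final class ChunkedStream extends FilterInputStream {
        ChunkedStream(byte[] data) { super(new ByteArrayInputStream(data)); }
        @Override
        public int read(byte[] b, int off, int len) throws IOException {
            return in.read(b, off, Math.min(len, 3));
        }
    }

    /** The pattern from the report: a single read() call whose return value is ignored. */
    static byte[] readUnchecked(InputStream in, int length) throws IOException {
        byte[] buffer = new byte[length];
        in.read(buffer);   // may fill only a prefix; the remainder stays zero
        return buffer;
    }

    /** Loop until the buffer is full and fail loudly if the stream ends first. */
    static byte[] readChecked(InputStream in, int length) throws IOException {
        byte[] buffer = new byte[length];
        int filled = 0;
        while (filled < length) {
            int n = in.read(buffer, filled, length - filled);
            if (n < 0) {
                throw new EOFException("expected " + length + " bytes, got " + filled);
            }
            filled += n;
        }
        return buffer;
    }

    public static void main(String[] args) throws IOException {
        byte[] payload = {1, 2, 3, 4, 5, 6, 7, 8};   // constructed sample data
        System.out.println("unchecked: " + Arrays.toString(readUnchecked(new ChunkedStream(payload), 8)));
        System.out.println("checked:   " + Arrays.toString(readChecked(new ChunkedStream(payload), 8)));
        try {
            readChecked(new ChunkedStream(payload), 16);   // declared length exceeds the data
        } catch (EOFException e) {
            System.out.println("truncated: " + e.getMessage());
        }
    }
}
```

The unchecked variant returns a buffer whose tail is silently zero-filled, which is what later surfaces as a deserialization failure far from the actual cause; the checked variant either returns the full payload or raises at the point of truncation.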