hadoop-common-issues mailing list archives

From "Greg Roelofs (JIRA)" <j...@apache.org>
Subject [jira] Created: (HADOOP-6966) missing bzip2 bounds checks, other stream-corruption checks
Date Tue, 21 Sep 2010 01:19:34 GMT
missing bzip2 bounds checks, other stream-corruption checks
-----------------------------------------------------------

                 Key: HADOOP-6966
                 URL: https://issues.apache.org/jira/browse/HADOOP-6966
             Project: Hadoop Common
          Issue Type: Bug
    Affects Versions: 0.22.0
            Reporter: Greg Roelofs


The bzip2 Java port by Keiron Liddle appears to be very closely related to the bzip2/libbzip2
C code, but it is missing a number of data-integrity checks present in the latter (including
today's fix for CVE-2010-0405).

Java may be immune to C-style buffer overruns, but the data-corruption possibility remains.
I believe most of the 20+ BZ_DATA_ERROR checks in decompress.c are appropriate in the Ant/Hadoop
port.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
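
An added example (not code from the Hadoop/Ant port or from libbzip2) of the kind of stream-corruption check the report describes, applied to bzip2's RUNA/RUNB run-length decoding: in Java an unvalidated run length does not overrun memory, it wraps silently and the decoder carries on with wrong data. The class and method names and the `MAX_WEIGHT` cap are assumptions made for this illustration.

```java
import java.io.IOException;

// Added illustration; not the Hadoop/Ant decoder and not libbzip2 source.
public class RunLengthBoundsDemo {
    static final int RUNA = 0, RUNB = 1;
    static final int MAX_BLOCK = 900_000;          // largest bzip2 block size (level 9)
    static final int MAX_WEIGHT = 2 * 1024 * 1024; // assumed cap; keeps int math far from wrapping

    // Run length is bijective base-2: RUNA adds 1*weight, RUNB adds 2*weight.
    static int runLengthUnchecked(int[] syms) {
        int run = 0, weight = 1;
        for (int s : syms) {
            run += (s == RUNA ? 1 : 2) * weight;   // Java int arithmetic wraps silently
            weight *= 2;
        }
        return run;
    }

    // Same decode, rejecting the stream instead of trusting it.
    static int runLengthChecked(int[] syms, int blockFill) throws IOException {
        int run = 0, weight = 1;
        for (int s : syms) {
            if (weight >= MAX_WEIGHT)
                throw new IOException("bzip2 data error: run length too large");
            run += (s == RUNA ? 1 : 2) * weight;
            weight *= 2;
        }
        if (run > MAX_BLOCK - blockFill)
            throw new IOException("bzip2 data error: run exceeds block size");
        return run;
    }

    public static void main(String[] args) throws IOException {
        int[] ok = {RUNB, RUNA, RUNB};  // constructed: RUNB, RUNA, RUNB at weights 1, 2, 4
        int[] damaged = new int[40];    // constructed: 40 RUNA symbols in a row
        System.out.println("valid run, checked:     " + runLengthChecked(ok, 0));
        // A wrapped result can be zero or negative, so a loop on "run > 0"
        // would emit nothing for this run and raise no error.
        System.out.println("damaged run, unchecked: " + runLengthUnchecked(damaged));
        try {
            runLengthChecked(damaged, 0);
        } catch (IOException e) {
            System.out.println("damaged run, checked:   " + e.getMessage());
        }
    }
}
```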

