Return-Path: <dev-return-76632-archive-asf-public=cust-asf.ponee.io@kafka.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 6EF07200C56
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri, 14 Apr 2017 18:10:47 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 6DB28160BA3; Fri, 14 Apr 2017 16:10:47 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id B6CA9160B8C
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 14 Apr 2017 18:10:46 +0200 (CEST)
Received: (qmail 86531 invoked by uid 500); 14 Apr 2017 16:10:45 -0000
Mailing-List: contact dev-help@kafka.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@kafka.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@kafka.apache.org>
List-Post: <mailto:dev@kafka.apache.org>
List-Id: <dev.kafka.apache.org>
Reply-To: dev@kafka.apache.org
Delivered-To: mailing list dev@kafka.apache.org
Received: (qmail 86520 invoked by uid 99); 14 Apr 2017 16:10:45 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Apr 2017 16:10:45 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 5B2CDCC884
	for <dev@kafka.apache.org>; Fri, 14 Apr 2017 16:10:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -99.202
X-Spam-Level: 
X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001,
	SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id 5ld88Kj8qwOa for <dev@kafka.apache.org>;
	Fri, 14 Apr 2017 16:10:44 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 00CA05FCD7
	for <dev@kafka.apache.org>; Fri, 14 Apr 2017 16:10:44 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 44B0FE0069
	for <dev@kafka.apache.org>; Fri, 14 Apr 2017 16:10:43 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id D7C1321B53
	for <dev@kafka.apache.org>; Fri, 14 Apr 2017 16:10:41 +0000 (UTC)
Date: Fri, 14 Apr 2017 16:10:41 +0000 (UTC)
From: "Ismael Juma (JIRA)" <jira@apache.org>
To: dev@kafka.apache.org
Message-ID: <JIRA.13063658.1492040219000.285252.1492186241882@Atlassian.JIRA>
In-Reply-To: <JIRA.13063658.1492040219000@Atlassian.JIRA>
References: <JIRA.13063658.1492040219000@Atlassian.JIRA> <JIRA.13063658.1492040219290@jira-lw-us.apache.org>
Subject: [jira] [Commented] (KAFKA-5062) Kafka brokers can accept malformed
 requests which allocate gigabytes of memory
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Fri, 14 Apr 2017 16:10:47 -0000


    [ https://issues.apache.org/jira/browse/KAFKA-5062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15969210#comment-15969210 ] 

Ismael Juma commented on KAFKA-5062:
------------------------------------

Yes, that is reasonable.

In fact, we materialize the whole RecordBatch/MessageSet. We could change it to materialize a single record/message for message format V2 easily by using RecordBatch.streamingIterator(), but the solution suggested by [~junrao] seems better.

We do something similar in `FileChannelRecordBatch` for the magic and lastOffset fields to avoid loading too much from disk. A similar approach could be taken to avoid decompressing data unnecessarily.

> Kafka brokers can accept malformed requests which allocate gigabytes of memory
> ------------------------------------------------------------------------------
>
>                 Key: KAFKA-5062
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5062
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Apurva Mehta
>
> In some circumstances, it is possible to cause a Kafka broker to allocate massive amounts of memory by writing malformed bytes to the brokers port. 
> In investigating an issue, we saw byte arrays on the kafka heap upto 1.8 gigabytes, the first 360 bytes of which were non kafka requests -- an application was writing the wrong data to kafka, causing the broker to interpret the request size as 1.8GB and then allocate that amount. Apart from the first 360 bytes, the rest of the 1.8GB byte array was null. 
> We have a socket.request.max.bytes set at 100MB to protect against this kind of thing, but somehow that limit is not always respected. We need to investigate why and fix it.
> cc [~rnpridgeon], [~ijuma], [~gwenshap], [~cmccabe]



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)