[jira] [Commented] (CASSANDRA-13646) Bind parameters of collection types are not properly validated

Mon, 03 Jul 2017 04:22:21 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-13646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16072276#comment-16072276
 ] 

Benjamin Lerer commented on CASSANDRA-13646:
--------------------------------------------

When collections are validated the collection elements are validated using the 
{{Serializer::validate}} method. As Tuples and UDFs use a {{BytesSerializer}} 
the validate method does not check if the bytes are valid for the expected 
Tuple or UDT.
The patches add some specific serializers for {{Tuples}} or {{UDTs}} that 
override the {{Serializer::validate}} method.
||[2.2|https://github.com/apache/cassandra/compare/cassandra-2.2...blerer:13646-2.2]||[3.0|https://github.com/apache/cassandra/compare/cassandra-3.0...blerer:13646-3.0]||[3.11|https://github.com/apache/cassandra/compare/cassandra-3.11...blerer:13646-3.11]||[trunk|https://github.com/apache/cassandra/compare/cassandra-trunk...blerer:trunk]||
I ran the patches on our internal CI and the failing tests seems unrelated to 
the patches.


> Bind parameters of collection types are not properly validated  
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-13646
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13646
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Benjamin Lerer
>            Assignee: Benjamin Lerer
>
> It looks like C* is not validating properly the bind parameters for 
> collection types. If an element of the collection is invalid the value will 
> not be rejected and might cause an Exception later on.
> The problem can be reproduced with the following test:
> {code}
>     @Test
>     public void testInvalidQueries() throws Throwable
>     {
>         createTable("CREATE TABLE %s (k int PRIMARY KEY, s 
> frozen<set<tuple<int, text, double>>>)");
>         execute("INSERT INTO %s (k, s) VALUES (0, ?)", 
> set(tuple(1,"1",1.0,1), tuple(2,"2",2.0,2)));
>     }
> {code}
> The invalid Tuple will cause an "IndexOutOfBoundsException: Index: 3, Size: 3"



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to