[ 
https://issues.apache.org/jira/browse/CASSANDRA-14284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gil Tene updated CASSANDRA-14284:
---------------------------------
    Description: 
While checksums are (generally) performed on compressed data, the checksum test 
when reading is currently (in all variants of C* 2.x, 3.x I've looked at) done 
[on the compressed data] only after the uncompress operation has completed. 

The issue here is that LZ4_decompress_fast (as documented in e.g. 
[https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214]) can result in memory 
overruns when provided with malformed source data. This in turn can (and does, 
e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of corrupted 
chunks. The checksum operation would obviously detect the issue, but we'd never 
get to it if the JVM crashes first.

Moving the checksum test of the compressed data to before the uncompress 
operation (in cases where the checksum is done on compressed data) will resolve 
this issue.

  was:
While checksums are (generally) performed on compressed data, the checksum test 
when reading is currently (in all variants of C* 2.x, 3.x I've looked at) done 
o[on the compressed data]nly after the uncompress operation has completed. 

The issue here is that LZ4_decompress_fast (as documented in e.g. 
[https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214)] can result in memory 
overruns when provided with malformed source data. This in turn can (and does, 
e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of corrupted 
chunks. The checksum operation would obviously detect the issue, but we'd never 
get to it if the JVM crashes first.

Moving the checksum test of the compressed data to before the uncompress 
operation (in cases where the checksum is done on compressed data) will resolve 
this issue.


> Chunk checksum test needs to occur before uncompress to avoid JVM crash
> -----------------------------------------------------------------------
>
>                 Key: CASSANDRA-14284
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14284
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>         Environment: The check-only-after-doing-the-decompress logic appears 
> to be in all current releases.
> Here are some samples at different evolution points :
> 3.11.2:
> https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135
> https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L198
> 3.5:
>  
> [https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135]
> https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196
> 2.1.17:
>  
> [https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122]
>  
>            Reporter: Gil Tene
>            Priority: Major
>
> While checksums are (generally) performed on compressed data, the checksum 
> test when reading is currently (in all variants of C* 2.x, 3.x I've looked 
> at) done [on the compressed data] only after the uncompress operation has 
> completed. 
> The issue here is that LZ4_decompress_fast (as documented in e.g. 
> [https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214]) can result in memory 
> overruns when provided with malformed source data. This in turn can (and 
> does, e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of 
> corrupted chunks. The checksum operation would obviously detect the issue, 
> but we'd never get to it if the JVM crashes first.
> Moving the checksum test of the compressed data to before the uncompress 
> operation (in cases where the checksum is done on compressed data) will 
> resolve this issue.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
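
The ordering the ticket asks for, as an added example that is not part of the ticket or of Cassandra's code: the checksum over the compressed bytes is verified first, and the decompressor only runs on bytes that passed. Assumptions: a chunk layout of compressed payload followed by a 4-byte CRC32, the class and method names, and `java.util.zip.Inflater` standing in for the LZ4 decompressor (the JDK ships no LZ4).

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.zip.*;

public class ChecksumBeforeDecompress {
    // Assumed layout for this example: [compressed payload][4-byte CRC32 of that payload].
    static byte[] writeChunk(byte[] plain) {
        Deflater d = new Deflater();
        d.setInput(plain); d.finish();
        byte[] buf = new byte[plain.length + 64];
        int n = d.deflate(buf);
        d.end();
        CRC32 crc = new CRC32();
        crc.update(buf, 0, n);
        return ByteBuffer.allocate(n + 4).put(buf, 0, n).putInt((int) crc.getValue()).array();
    }
    // Verify the checksum of the compressed bytes, then decompress.
    static byte[] readChunk(byte[] chunk, int plainLength) throws IOException {
        if (chunk.length < 4) throw new IOException("chunk too short to hold a checksum");
        int n = chunk.length - 4;
        int stored = ByteBuffer.wrap(chunk, n, 4).getInt();
        CRC32 crc = new CRC32();
        crc.update(chunk, 0, n);
        // Corrupted bytes must never reach the decompressor, so fail here.
        if ((int) crc.getValue() != stored)
            throw new IOException("checksum mismatch, chunk rejected before decompress");
        Inflater inf = new Inflater(); // stand-in for the LZ4 decompressor
        try {
            inf.setInput(chunk, 0, n);
            byte[] out = new byte[plainLength];
            if (inf.inflate(out) != plainLength) throw new IOException("short decompress");
            return out;
        } catch (DataFormatException e) {
            throw new IOException("malformed compressed data", e);
        } finally {
            inf.end();
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] plain = "constructed sample row, repeated repeated".getBytes(StandardCharsets.UTF_8);
        byte[] chunk = writeChunk(plain);
        System.out.println("clean: " + Arrays.equals(plain, readChunk(chunk, plain.length)));
        chunk[3] ^= 0x40; // constructed corruption inside the compressed payload
        try { readChunk(chunk, plain.length); }
        catch (IOException e) { System.out.println("corrupt: " + e.getMessage()); }
    }
}
```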
