[jira] [Commented] (CASSANDRA-15470) Potential Overflow in DatabaseDescriptor Functions That Convert Between KB/MB & Bytes

Tue, 07 Jan 2020 23:30:48 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-15470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17010433#comment-17010433
 ] 

Mallika Kulkarni commented on CASSANDRA-15470:
----------------------------------------------

Thanks [~jrwest] and [~djoshi]. I looked through the code. It seems to me that 
for methods
 * {{getColumnIndexSize}}
 * {{getColumnIndexCacheSize}}
 * {{getBatchSizeWarnThreshold}}
 * {{getNativeTransportFrameBlockSize}}

0 < {{input}} < 2 * 1024 * 1024 is a good validation to have. 

I do see existing validation for {{getRepairSessionSpaceInMegabytes}} in 
{{DatabaseDescriptor::applyConfig}} and 
{{DatabaseDescriptor::setRepairSessionSpaceInMegabytes}}, and for 
{{getNativeTransportMaxFrameSize}} in {{DatabaseDescriptor::applyConfig}}.

However I do feel validations for all these inputs are necessary in their 
respective Getter and Setter methods both as all the fields in {{Config}} class 
are public, and {{DatabaseDescriptor::getRawConfig}} exposes a reference to the 
{{Config}} class, and its values.  

> Potential Overflow in DatabaseDescriptor Functions That Convert Between KB/MB 
> & Bytes
> -------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-15470
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15470
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Local/Config
>            Reporter: Jordan West
>            Assignee: Mallika Kulkarni
>            Priority: Normal
>             Fix For: 4.0-rc
>
>
> {{DatabaseDescriptor}} has several functions that convert between user 
> supplied sizes in KB/MB and bytes. These are implemented without much 
> consistency and, while unlikely, several have the potential to overflow since 
> validation on the input is missing. Meanwhile, some widen the number to a 
> long correctly. Options include: widening in all places or simply doing 
> better validation on start up — currently only the lower bound of the valid 
> range is checked for many of these fields.
> List of Affected {{DatabaseDescriptor}} Methods:
>  * {{getColumnIndexSize}}
>  * {{getColumnIndexCacheSize}}
>  * {{getBatchSizeWarnThreshold}}
>  * {{getNativeTransportFrameBlockSize}}
>  * {{getRepairSessionSpaceInMegabytes}}
>  * {{getNativeTransportMaxFrameSize}}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to