[jira] [Work logged] (HADOOP-17825) Add BuiltInGzipCompressor

Mon, 09 Aug 2021 06:22:06 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-17825?focusedWorklogId=635864&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-635864
 ]

ASF GitHub Bot logged work on HADOOP-17825:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Aug/21 13:21
            Start Date: 09/Aug/21 13:21
    Worklog Time Spent: 10m 
      Work Description: steveloughran commented on pull request #3250:
URL: https://github.com/apache/hadoop/pull/3250#issuecomment-895217443


   One concern here: anything we have to worry about from a security 
perspective? That is, if someone sends in something with an invalid range, does 
that trigger allocation of massive buffers, etc, etc. commons-compress has had 
security issues over time with things like .. in paths. I don't think there's 
risk here, but it's worth considering: do we have to worry about malicious gz 
files?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 635864)
    Time Spent: 16.5h  (was: 16h 20m)

> Add BuiltInGzipCompressor
> -------------------------
>
>                 Key: HADOOP-17825
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17825
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: L. C. Hsieh
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 16.5h
>  Remaining Estimate: 0h
>
> Currently, GzipCodec only supports BuiltInGzipDecompressor, if native zlib is 
> not loaded. So, without Hadoop native codec installed, saving SequenceFile 
> using GzipCodec will throw exception like "SequenceFile doesn't work with 
> GzipCodec without native-hadoop code!"
> Same as other codecs which we migrated to using prepared packages (lz4, 
> snappy), it will be better if we support GzipCodec generally without Hadoop 
> native codec installed. Similar to BuiltInGzipDecompressor, we can use Java 
> Deflater to support BuiltInGzipCompressor.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to