[ 
https://issues.apache.org/jira/browse/LUCENE-4196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13452871#comment-13452871
 ] 

Uwe Schindler commented on LUCENE-4196:
---------------------------------------

Hi Robert,
I wanted to go through the codec code to check this myself. I just had no time 
to do it. E.g. things like the CompoundFileReader not using hard checks is one 
reason why I want to go through it a second time. What's the issue with keeping 
this issue open as a "todo task"?
                
> Turn asserts in I/O related code into hard checks
> -------------------------------------------------
>
>                 Key: LUCENE-4196
>                 URL: https://issues.apache.org/jira/browse/LUCENE-4196
>             Project: Lucene - Core
>          Issue Type: Task
>          Components: core/index
>    Affects Versions: 4.0-ALPHA
>            Reporter: Uwe Schindler
>             Fix For: 4.0
>
>         Attachments: LUCENE-4196.patch
>
>
> In lots of codecs we only assert that e.g. some things inside files are 
> correctly in bounds, which leads to security problems (ok, not as bad as 
> C-style buffer overflows), but e.g. allocating a large array after reading a 
> VInt from a file header and then OOM is a security issue. So we have to 
> check all those contracts for files as hard checks, especially as a simple 
> check in most cases doesn't cost anything (and it costs no more than the assert 
> itself, as the assert also takes CPU power, because it needs a check one 
> time on a static final class field).
> Of course we cannot check values we read when reading postings, but the 
> simple checks that any postings file has a correct header and something like a 
> positive number of elements, or number of elements < file size, ..., a 
> bit-field only contains valid bits in StoredFieldsReader, or non-duplicate 
> filenames (CFS) are very important. We had those checks in 3.x, but in 4.0, 
> Mike changed all of those to asserts during the flex development (in my 
> opinion with no real reason).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
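The failure mode the quoted issue describes (an element count read as a VInt from a file header, checked only by an assert, then used to size an allocation) as an added Python illustration of the before/after pattern; Lucene is Java and this is not Lucene code. The VInt byte layout follows Lucene's (7 data bits per byte, low-order group first, high bit marks continuation), but the header layout, the CorruptIndexError name and the helper names are assumptions. Python's assert is stripped under `python -O` just as Java's asserts are off without `-ea`.

```python
"""Asserts vs. hard checks on a file header (constructed example, not Lucene code)."""


class CorruptIndexError(ValueError):
    """Raised when on-disk data breaks a contract; cannot be switched off."""


def read_vint(data: bytes, pos: int):
    """Decode a Lucene-style VInt (at most 5 bytes) at pos; return (value, new_pos)."""
    value, shift = 0, 0
    while True:
        if pos >= len(data):
            raise CorruptIndexError("truncated VInt")
        b = data[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7
        if shift > 28:
            raise CorruptIndexError("VInt longer than 5 bytes")


def read_count_assert_only(data: bytes):
    """'Before' style: the bound is only asserted. With asserts disabled, a
    hostile count goes straight into the allocation and can exhaust memory."""
    count, pos = read_vint(data, 0)
    assert 0 <= count <= len(data) - pos, "count out of bounds"
    return [0] * count  # sized from untrusted input


def read_count_hard_check(data: bytes):
    """'After' style: the same contract as a hard check that always runs."""
    count, pos = read_vint(data, 0)
    remaining = len(data) - pos
    if count < 0 or count > remaining:
        raise CorruptIndexError(
            f"element count {count} exceeds remaining {remaining} bytes")
    return list(data[pos:pos + count])


def encode_vint(value: int) -> bytes:
    """Encode a non-negative int as a Lucene-style VInt (for building test input)."""
    out = bytearray()
    while value >= 0x80:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


# Constructed headers: a sane one, and one claiming 2**31-1 elements in a 3-byte body.
GOOD_HEADER = encode_vint(3) + b"abc"
HOSTILE_HEADER = encode_vint(2**31 - 1) + b"abc"
```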
