[jira] [Commented] (LUCENE-4196) Turn asserts in I/O related code into hard checks

[Robert Muir (JIRA)]

    [ 
https://issues.apache.org/jira/browse/LUCENE-4196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13452876#comment-13452876
 ] 

Robert Muir commented on LUCENE-4196:
-------------------------------------

There is no issue except the "fix version" field: I'm just trying to get things 
with fixVersion=4.0 contained and assigned to people who
are actually planning on working the issues in the next few days, or moved out 
of the release.

If there is really more work thats necessary before 4.0 and someone is planning 
on working on it, then I think it should have the fixVersion.

But if its just a "future" item that would be nice, then it should be moved out.
                
> Turn asserts in I/O related code into hard checks
> -------------------------------------------------
>
>                 Key: LUCENE-4196
>                 URL: https://issues.apache.org/jira/browse/LUCENE-4196
>             Project: Lucene - Core
>          Issue Type: Task
>          Components: core/index
>    Affects Versions: 4.0-ALPHA
>            Reporter: Uwe Schindler
>             Fix For: 4.0
>
>         Attachments: LUCENE-4196.patch
>
>
> In lots of codecs we only assert, that e.g. some things inside files are 
> correctly in bounds, which leads to security problems (ok, not as bad as 
> C-Style buffer overflows), but e.g. allocating a large array after reading a 
> VInt from a file header and then OOM, is a security issue. So we have to 
> check all those contracts for files as hard checks, especially as a simply 
> check in most cases dont cost anything (and it costs not more than the assert 
> itsself, as the assert also takes CPU power, because it needs a check one 
> time on a static final class field).
> Of course we cannot check values we read when reading postings, but the 
> simple checks that any postings file has correct header and something like a 
> positive number of elements, or number of elements < file size,..., a 
> bit-fireld only contains valid bits in StoredFieldsReader, or non-duplicate 
> filenames (CFS) are very important. We had those checks in 3.x, but in 4.0, 
> Mike changed all of those to asserts during the flex development (in my 
> opinion with no real reason).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org