[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input

Thu, 14 May 2015 01:32:16 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543381#comment-14543381
 ] 

Hadoop QA commented on ZOOKEEPER-2186:
--------------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  
http://issues.apache.org/jira/secure/attachment/12732809/ZOOKEEPER-2186-v3.4.patch
  against trunk revision 1679313.

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified 
tests.
                        Please justify why no new tests are needed for this 
patch.
                        Also please list what manual steps were performed to 
verify this patch.

    -1 patch.  The patch command could not apply the patch.

Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2697//console

This message is automatically generated.

> QuorumCnxManager#receiveConnection may crash with random input
> --------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2186
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.4.6, 3.5.0
>            Reporter: Raul Gutierrez Segales
>            Assignee: Raul Gutierrez Segales
>             Fix For: 3.4.7, 3.5.1, 3.6.0
>
>         Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch, 
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
>     public boolean receiveConnection(Socket sock) {
>         Long sid = null;
> ...
>                 sid = din.readLong();
>                 // next comes the #bytes in the remainder of the message      
>                                                                        
>                 int num_remaining_bytes = din.readInt();
>                 byte[] b = new byte[num_remaining_bytes];
>                 // remove the remainder of the message from din               
>                                                                        
>                 int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going 
> but future elections might fail to converge (ditto for leaving/joining 
> members). 
> Patch coming up in a bit.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to