[
https://issues.apache.org/jira/browse/MESOS-5060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15243420#comment-15243420
]
Greg Mann commented on MESOS-5060:
----------------------------------
[~dongdong], I had a look at this code with BenM and there is a clear bug; we
parse the {{length}} parameter as a {{ssize_t}}, which is a signed type, but
then we use that length value (which may be negative) to initialize an array:
{{boost::shared_array<char> data(new char[length]);}}.
After discussing with BenM, there are a few cases of {{length}} and {{offset}}
which we need to handle:
* A user-defined {{length}} (strictly positive)
* A default {{length}} if none is specified (perhaps equal to the page size)
* A user-defined {{offset}} (positive, negative, or end-of-file)
* A default {{offset}}
The end-of-file offset is important because this endpoint is used to tail
files. Unfortunately, we currently use {{offset == -1}} in the code to indicate
the end-of-file offset. The end-of-file offset is currently the default value
if no {{offset}} is specified; I don't find this to be very intuitive for
users, but it may be our best option if we want to allow negative offsets
(i.e., if we allow negative offsets, how would a user specify the end-of-file
offset explicitly?).
We can probably just remove support for negative values of {{length}}, and
allow the user to use the default length by omitting that parameter.
Have a look at the code and let me know what you think. Since this bug breaks
part of the agent, we'd love to get a fix in soon; do you know when you might
be able to take a look? Thanks! :-)
> Requesting /files/read.json with a negative length value causes subsequent
> /files requests to 404.
> --------------------------------------------------------------------------------------------------
>
> Key: MESOS-5060
> URL: https://issues.apache.org/jira/browse/MESOS-5060
> Project: Mesos
> Issue Type: Bug
> Affects Versions: 0.23.0
> Environment: Mesos 0.23.0 on CentOS 6, also Mesos 0.28.0 on OSX
> Reporter: Tom Petr
> Assignee: zhou xing
> Priority: Minor
> Fix For: 0.29.0
>
>
> I accidentally hit a slave's /files/read.json endpoint with a negative length
> (ex. http://hostname:5051/files/read.json?path=XXX&offset=0&length=-100). The
> HTTP request timed out after 30 seconds with nothing relevant in the slave
> logs, and subsequent calls to any of the /files endpoints on that slave
> immediately returned a HTTP 404 response. We ultimately got things working
> again by restarting the mesos-slave process (checkpointing FTW!), but it'd be
> wise to guard against negative lengths on the slave's end too.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
