Joe McDonnell created KUDU-2305: ----------------------------------- Summary: Local variables can overflow when serializing a 2GB message Key: KUDU-2305 URL: https://issues.apache.org/jira/browse/KUDU-2305 Project: Kudu Issue Type: Bug Components: rpc Affects Versions: 1.6.0 Reporter: Joe McDonnell Assignee: Joe McDonnell
When rpc_max_message_size is set to its maximum of INT_MAX (2147483647), certain local variables in SerializeMessage can overflow as messages approach this size. Specifically, recorded_size, size_with_delim, and total_size are 4 byte signed integers and could overflow when additional_size becomes large. Since INT_MAX is the largest allowable value for rpc_max_message_size (a 4 byte signed integer), these variables will not overflow if changed to 4 byte unsigned integers. This would eliminate the potential problem for serialization. A similar problem exists in the InboundTransfer::ReceiveBuffer() and similar codepaths. Changing those variables to unsigned integers should resolve the issue. This does not impact existing systems, because the default value of rpc_max_message_size is 50MB. -- This message was sent by Atlassian JIRA (v7.6.3#76005)