Out of memory error on bogus input
----------------------------------
Key: THRIFT-602
URL: https://issues.apache.org/jira/browse/THRIFT-602
Project: Thrift
Issue Type: Bug
Components: Library (Java)
Affects Versions: 0.2
Environment: The internet :-)
Reporter: Kjetil Valstadsve
When testing the thrift port of a Cassandra server, I did a telnet and typed in
an "sdfsdf" and linebreak, just to see it hang up.
Hang up it did! In fact, this happened on the server:
ERROR [pool-1-thread-1] 2009-10-08 13:20:56,782 CassandraDaemon.java (line 71)
Fatal exception in thread Thread[pool-1-thread-1,5,main]
java.lang.OutOfMemoryError: Java heap space
    at org.apache.thrift.protocol.TBinaryProtocol.readStringBody(TBinaryProtocol.java:296)
    at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:203)
    at org.apache.cassandra.service.Cassandra$Processor.process(Cassandra.java:615)
    at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:253)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
I assume this is what happens: Data is misread as an input length, an
unreasonably-sized array is attempted, and the VM dies. I have a patch that
rethrows it as a TException, with some info on the number of bytes requested. I
will attach it once I find out how.
Not sure about the thrift version, it happens in Cassandra 0.4.0, the thrift
jar being libthrift-r808609.jar.
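The failure mode assumed in the report, as an added Java example that is not part of the original report and not Thrift's own code: the first four bytes of "sdfsdf" read as a big-endian length, and a simplified length-prefixed reader that validates the length before allocating instead of catching the error afterwards. The class name, method name and the 16 MiB cap are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class LengthPrefixDemo {
    // Assumed cap for this sketch; a real service would size it to its
    // largest legitimate message.
    static final int MAX_STRING_BYTES = 16 * 1024 * 1024;

    // Reads a 4-byte big-endian length, validates it, then reads the body.
    // Simplified: the real protocol also uses the sign bit for versioning.
    static String readBoundedString(DataInputStream in) throws IOException {
        int size = in.readInt(); // DataInputStream reads big-endian
        if (size < 0 || size > MAX_STRING_BYTES) {
            // Fail before "new byte[size]" so bogus input cannot exhaust the heap.
            throw new IOException("refusing to read string of " + size
                    + " bytes (limit " + MAX_STRING_BYTES + ")");
        }
        byte[] buf = new byte[size];
        in.readFully(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: the bytes telnet sends for "sdfsdf" + Enter.
        // The first four, 's' 'd' 'f' 's', decode as 0x73646673 (about 1.9 GB).
        byte[] bogus = "sdfsdf\r\n".getBytes(StandardCharsets.US_ASCII);
        try {
            readBoundedString(new DataInputStream(new ByteArrayInputStream(bogus)));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed well-formed frame: length 4 followed by "ping".
        byte[] ok = {0, 0, 0, 4, 'p', 'i', 'n', 'g'};
        System.out.println("accepted: "
                + readBoundedString(new DataInputStream(new ByteArrayInputStream(ok))));
    }
}
```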