> Looking at the thrift code it is allocating arrays based on lengths read of > the wire, without adequate validation of the length. This allows client > errors to crash the server :(
This is fixed with latest cassandra and current versions of thrift. I don't remember whether it was a thrift bug in and of itself, or whether it was in combination with the move to the framed thrift transport (and I didn't find the JIRA atm). I *think* the latest 0.6 with its version of thrift and enabling framed mode should be sufficient to avoid it but I'm not certain about the 0.6 branch. -- / Peter Schuller