Posted to commits@cassandra.apache.org by "Benjamin Lerer (JIRA)" <ji...@apache.org> on 2018/03/05 09:36:00 UTC

[jira] [Assigned] (CASSANDRA-14284) Chunk checksum test needs to occur before uncompress to avoid JVM crash

     [ https://issues.apache.org/jira/browse/CASSANDRA-14284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Lerer reassigned CASSANDRA-14284:
------------------------------------------

    Assignee: Benjamin Lerer

> Chunk checksum test needs to occur before uncompress to avoid JVM crash
> -----------------------------------------------------------------------
>
>                 Key: CASSANDRA-14284
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14284
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>         Environment: The check-only-after-doing-the-decompress logic appears to be in all current releases.
> Here are some samples at different evolution points:
> 3.11.2:
> https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135
> https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L198
> 3.5:
> https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135
> https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196
> 2.1.17:
> https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122
>  
>            Reporter: Gil Tene
>            Assignee: Benjamin Lerer
>            Priority: Major
>
> While checksums are (generally) performed on compressed data, the checksum test when reading is currently (in all variants of C* 2.x, 3.x I've looked at) done [on the compressed data] only after the uncompress operation has completed. 
> The issue here is that LZ4_decompress_fast (as documented in e.g. [https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214]) can result in memory overruns when provided with malformed source data. This in turn can (and does, e.g. in CASSANDRA-13757) lead to JVM crashes during the uncompress of corrupted chunks. The checksum operation would obviously detect the issue, but we'd never get to it if the JVM crashes first.
> Moving the checksum test of the compressed data to before the uncompress operation (in cases where the checksum is done on compressed data) will resolve this issue.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
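
The ordering the issue asks for, shown as an added C sketch that is not Cassandra's code and not part of the original message: the checksum of the compressed bytes is verified first, and the decompressor only ever sees a chunk that passed. Assumptions: the chunk layout (payload followed by a 4-byte big-endian CRC-32), the `CHUNK_*` codes, and `toy_decompress`, a hypothetical run-length stand-in for the real decompressor.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRC-32 (IEEE, reflected): the same polynomial as java.util.zip.CRC32. */
static uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

static int decode_calls; /* how many times the decoder was handed input */

/* Hypothetical stand-in for the real decompressor: (count, byte) run-length
 * pairs. It is bounds-checked only so that this example stays safe to run. */
static long toy_decompress(const uint8_t *src, size_t n, uint8_t *dst, size_t cap) {
    size_t out = 0;
    decode_calls++;
    for (size_t i = 0; i + 1 < n; i += 2) {
        if (src[i] > cap - out) return -1;
        memset(dst + out, src[i + 1], src[i]);
        out += src[i];
    }
    return (long)out;
}

enum { CHUNK_TRUNCATED = -1, CHUNK_CORRUPT = -2, CHUNK_DECODE_ERROR = -3 };

/* Assumed layout: compressed payload, then its CRC-32 as 4 big-endian bytes.
 * Returns the decompressed length, or a negative CHUNK_* code. */
static long read_chunk(const uint8_t *chunk, size_t len, uint8_t *dst, size_t cap) {
    if (len < 4) return CHUNK_TRUNCATED;
    size_t n = len - 4;
    const uint8_t *t = chunk + n;
    uint32_t stored = (uint32_t)t[0] << 24 | (uint32_t)t[1] << 16 | (uint32_t)t[2] << 8 | t[3];
    if (crc32_ieee(chunk, n) != stored) return CHUNK_CORRUPT; /* decoder never runs */
    long r = toy_decompress(chunk, n, dst, cap);
    return r < 0 ? CHUNK_DECODE_ERROR : r;
}

int main(void) {
    /* Constructed sample: payload {3,'a',2,'b'} plus a deliberately wrong checksum. */
    uint8_t chunk[8] = {3, 'a', 2, 'b', 0, 0, 0, 0}, out[16];
    printf("%ld (decoder calls: %d)\n", read_chunk(chunk, sizeof chunk, out, sizeof out), decode_calls);
    return 0;
}
```

A single flipped bit in a length byte is enough to make an input-trusting decoder write past its buffer; with the check first, that chunk is rejected as `CHUNK_CORRUPT` and `decode_calls` does not change.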