Posted to dev@avro.apache.org by "Clement Pellerin (JIRA)" <ji...@apache.org> on 2016/09/01 19:26:20 UTC

[jira] [Commented] (AVRO-1610) HttpTransceiver.java allocates arbitrary amount of memory

    [ https://issues.apache.org/jira/browse/AVRO-1610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15456366#comment-15456366 ] 

Clement Pellerin commented on AVRO-1610:
----------------------------------------

The calculation of the length is wrong if the input stream indicates EOF by returning -1.
This sometimes results in a negative length which causes ByteBuffer.allocate() to throw
but not always if the first byte exists and is positive.
The code should check against EOF by validating every call to in.read() does not return -1.


> HttpTransceiver.java allocates arbitrary amount of memory
> ---------------------------------------------------------
>
>                 Key: AVRO-1610
>                 URL: https://issues.apache.org/jira/browse/AVRO-1610
>             Project: Avro
>          Issue Type: Bug
>          Components: java
>    Affects Versions: 1.7.7
>            Reporter: Philip Zeyliger
>
> In {{HttpTransceiver.java}}, Avro does:
> {code}
>       int length = (in.read()<<24)+(in.read()<<16)+(in.read()<<8)+in.read();
>       if (length == 0) {                       // end of buffers
>         return buffers;
>       }
>       ByteBuffer buffer = ByteBuffer.allocate(length);
> {code}
> This means that badly formatted input (like that produced by {{curl http://host/ --data foo}} and many common security scanners) will trigger an OutOfMemory exception.  This is undesirable, especially combined with setups that kill the process on out of memory exceptions.
> This bug is similar in spirit to AVRO-1111.
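The defensive reading of the length prefix that the comment above asks for (every `in.read()` checked for -1) together with an upper bound on the allocation, written as an added example; it is not Avro's code nor the fix from the ticket, and the `MAX_BUFFER_BYTES` policy, the method names and the constructed input are assumptions:

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SafeLengthPrefix {
    /** Upper bound on one framed buffer; an assumed deployment policy, not an Avro constant. */
    static final int MAX_BUFFER_BYTES = 16 * 1024 * 1024;

    /** Reads one byte and turns the -1 EOF sentinel into an exception instead of arithmetic input. */
    static int readByteOrThrow(InputStream in) throws IOException {
        int b = in.read();
        if (b < 0) {
            throw new EOFException("stream ended inside the 4-byte length prefix");
        }
        return b;
    }

    /** Big-endian 32-bit length prefix, validated before any allocation happens. */
    static int readLength(InputStream in) throws IOException {
        int length = (readByteOrThrow(in) << 24)
                   | (readByteOrThrow(in) << 16)
                   | (readByteOrThrow(in) << 8)
                   | readByteOrThrow(in);
        // A set top bit shows up as a negative int; both that and oversized frames are refused.
        if (length < 0 || length > MAX_BUFFER_BYTES) {
            throw new IOException("refusing to allocate " + (length & 0xFFFFFFFFL) + " bytes");
        }
        return length;
    }

    /** The unchecked arithmetic quoted in the report, kept only to contrast the behaviour. */
    static int uncheckedLength(InputStream in) throws IOException {
        return (in.read() << 24) + (in.read() << 16) + (in.read() << 8) + in.read();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: the three bytes the report's "curl --data foo" example sends, then EOF.
        byte[] foo = "foo".getBytes(StandardCharsets.US_ASCII);
        // Unchecked: ('f'<<24) + ('o'<<16) + ('o'<<8) + (-1) = 0x666F6EFF, roughly 1.6 GiB requested.
        System.out.println("unchecked length: " + uncheckedLength(new ByteArrayInputStream(foo)));
        try {
            ByteBuffer.allocate(readLength(new ByteArrayInputStream(foo)));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage()); // EOFException from the fourth read
        }
    }
}
```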


