You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "Kjetil Valstadsve (JIRA)" <ji...@apache.org> on 2009/10/08 14:38:31 UTC

[jira] Updated: (THRIFT-602) Out of memory error on bogus input

     [ https://issues.apache.org/jira/browse/THRIFT-602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kjetil Valstadsve updated THRIFT-602:
-------------------------------------

    Attachment: Catch_out_of_memory_error,_notify_the_number_of_bytes_requested,_and_rethrow_as_TException_.patch

The patch.

> Out of memory error on bogus input
> ----------------------------------
>
>                 Key: THRIFT-602
>                 URL: https://issues.apache.org/jira/browse/THRIFT-602
>             Project: Thrift
>          Issue Type: Bug
>          Components: Library (Java)
>    Affects Versions: 0.2
>         Environment: The internet :-)
>            Reporter: Kjetil Valstadsve
>         Attachments: Catch_out_of_memory_error,_notify_the_number_of_bytes_requested,_and_rethrow_as_TException_.patch
>
>
> When testing the thrift port of a Cassandra server, I did a telnet and typed in an "sdfsdf" and linebreak, just to see it hang up. 
> Hang up it did! In fact, this happened on the server:
> ERROR [pool-1-thread-1] 2009-10-08 13:20:56,782 CassandraDaemon.java (line 71) Fatal exception in thread Thread[pool-1-thread-1,5,main]
> java.lang.OutOfMemoryError: Java heap space
>         at org.apache.thrift.protocol.TBinaryProtocol.readStringBody(TBinaryProtocol.java:296)
>         at org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:203)
>         at org.apache.cassandra.service.Cassandra$Processor.process(Cassandra.java:615)
>         at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:253)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>         at java.lang.Thread.run(Thread.java:619)
> I assume this is what happens: Data is misread as an input length, an unreasonably-sized array is attempted, and the VM dies. I have a patch that rethrows it as a TException, with some info on the number of bytes requested. I will attach it once I find out how.
> Not sure about the thrift version, it happens in Cassandra 0.4.0, the thrift jar being libthrift-r808609.jar.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.