[CASSANDRA-14284] Chunk checksum test needs to occur before uncompress to avoid JVM crash - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 2.1.21, 2.2.13, 3.0.17, 3.11.3, 4.0-alpha1, 4.0
Component/s: Legacy/Core
Labels:
None
Environment:

Hide

The check-only-after-doing-the-decompress logic appears to be in all current releases.

Here are some samples at different evolution points :

3.11.2:

https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146

https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207

3.5:

https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135

https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196

2.1.17:

https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122

Show
The check-only-after-doing-the-decompress logic appears to be in all current releases. Here are some samples at different evolution points : 3.11.2: https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146 https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207 3.5: https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135 https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196 2.1.17: https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122

Severity:
Normal

Description

While checksums are (generally) performed on compressed data, the checksum test when reading is currently (in all variants of C* 2.x, 3.x I've looked at) done [on the compressed data] only after the uncompress operation has completed.

The issue here is that LZ4_decompress_fast (as documented in e.g. https://github.com/lz4/lz4/blob/dev/lib/lz4.h#L214) can result in memory overruns when provided with malformed source data. This in turn can (and does, e.g. in ~~CASSANDRA-13757~~) lead to JVM crashes during the uncompress of corrupted chunks. The checksum operation would obviously detect the issue, but we'd never get to it if the JVM crashes first.

Moving the checksum test of the compressed data to before the uncompress operation (in cases where the checksum is done on compressed data) will resolve this issue.

-----------------------------

The check-only-after-doing-the-decompress logic appears to be in all current releases.

Here are some samples at different evolution points :

3.11.2:

https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L146

https://github.com/apache/cassandra/blob/cassandra-3.11.2/src/java/org/apache/cassandra/io/util/CompressedChunkReader.java#L207

3.5:

https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L135

https://github.com/apache/cassandra/blob/cassandra-3.5/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L196

2.1.17:

https://github.com/apache/cassandra/blob/cassandra-2.1.17/src/java/org/apache/cassandra/io/compress/CompressedRandomAccessReader.java#L122

Attachments

Issue Links

duplicates

CASSANDRA-13757 Cassandra 3.5.0 JVM Segfault Problem While Repair Job is Running

Resolved

is duplicated by

CASSANDRA-14283 Crash with SIGBUS (0x7), problematic frame LZ4_decompress_fast

Resolved

CASSANDRA-13757 Cassandra 3.5.0 JVM Segfault Problem While Repair Job is Running

Resolved

Activity

People

Assignee:: Benjamin Lerer

Reporter:: Gil Tene

Authors:: Benjamin Lerer

Reviewers:: Branimir Lambov

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 01/Mar/18 21:12

Updated:: 15/May/20 08:05

Resolved:: 10/Apr/18 12:15