transport/server.cc: Return correct size of decompressed lz4 buffer
An incorrect size is returned from the function, which could lead to
crashes or undefined behavior. Fix by erroring out in these cases.

Fixes #11476
Lorak-mmk authored and avikivity committed Sep 7, 2022
1 parent e5f6adf commit 1c2eef3
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion transport/server.cc
Expand Up @@ -727,7 +727,10 @@ future<fragmented_temporary_buffer> cql_server::connection::read_and_decompress_
if (ret < 0) {
throw std::runtime_error("CQL frame LZ4 uncompression failure");
}
return out.size();
if (ret != out.size()) {
throw std::runtime_error("Malformed CQL frame - provided uncompressed size different than real uncompressed size");
}
return static_cast<size_t>(ret);
});
on_compression_buffer_use();
return uncomp;
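Review bot: The new `if (ret != out.size())` check compares `ret`, which is tested for `< 0` just above and so is signed, against the unsigned `out.size()`. That is only safe because the negative case throws first, and it will trigger sign-compare warnings where they are enabled. Consider converting once, e.g. `auto n = static_cast<size_t>(ret);`, then comparing and returning `n`, so the cast is not repeated and the dependency on the earlier check is explicit. The exception message would also be easier to act on if it included both the size declared in the frame (`out.size()`) and the size actually produced (`ret`). Since the commit touches only transport/server.cc, a regression test covering a frame whose declared uncompressed size differs from the real one would be a good addition.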