sstables/compressed_file_data_source_impl may segfault if the file is corrupt and EOF is reached prematurely #13599

bhalevy · 2023-04-20T11:30:46Z

In compressed_file_data_source_impl::get, read_exactly might return an empty temporary_buffer if we reach EOF on the uncompressed file prematurely.
See

scylladb/sstables/compress.cc

Line 391 in 6ca1b14

    
           return _input_stream->read_exactly(addr.chunk_len).then([this, addr](temporary_buffer<char> buf) {

If that happens, we may try to dereference a null pointer returned by buf.get() in

scylladb/sstables/compress.cc

Line 399 in 6ca1b14

auto expected_checksum = read_be<uint32_t>(buf.get() + compressed_len);

Instead, we should throw an exception about the corrupt file.

The text was updated successfully, but these errors were encountered:

…ble_exception on premature eof Currently, the reader might dereference a null pointer if the input stream reaches eof prematurely, and read_exactly returns an empty temporary_buffer. Detect this condition before dereferencing the buffer and sstables::malformed_sstable_exception. Fixes scylladb#13599 Signed-off-by: Benny Halevy <bhalevy@scylladb.com>

Reproduces scylladb#13599 and verifies the fix. Signed-off-by: Benny Halevy <bhalevy@scylladb.com>

Reproduces #13599 and verifies the fix. Signed-off-by: Benny Halevy <bhalevy@scylladb.com> Closes #13903

…ble_exception on premature eof Currently, the reader might dereference a null pointer if the input stream reaches eof prematurely, and read_exactly returns an empty temporary_buffer. Detect this condition before dereferencing the buffer and sstables::malformed_sstable_exception. Fixes #13599 Signed-off-by: Benny Halevy <bhalevy@scylladb.com> Closes #13600 (cherry picked from commit 77b70db)

denesb · 2023-12-15T11:52:22Z

Backported to 5.2.

…ble_exception on premature eof Currently, the reader might dereference a null pointer if the input stream reaches eof prematurely, and read_exactly returns an empty temporary_buffer. Detect this condition before dereferencing the buffer and sstables::malformed_sstable_exception. Fixes #13599 Signed-off-by: Benny Halevy <bhalevy@scylladb.com> Closes #13600 (cherry picked from commit 77b70db)

bhalevy mentioned this issue Apr 20, 2023

sstables: compressed_file_data_source_impl: get: throw malformed_sstable_exception on premature eof #13600

Closed

DoronArazii assigned denesb and bhalevy Apr 20, 2023

DoronArazii added the P2 High Priority label Apr 20, 2023

DoronArazii added this to the 5.3 milestone Apr 20, 2023

scylladb-promoter closed this as completed in 77b70db Apr 21, 2023

scylladb-promoter added the Backport candidate label Apr 21, 2023

bhalevy added a commit to bhalevy/scylla that referenced this issue May 16, 2023

test: sstable_3_x_test: add test_compression_premature_eof

98d1ccf

Reproduces scylladb#13599 and verifies the fix. Signed-off-by: Benny Halevy <bhalevy@scylladb.com>

bhalevy mentioned this issue May 16, 2023

test: sstable_3_x_test: add test_compression_premature_eof #13903

Closed

denesb pushed a commit that referenced this issue May 17, 2023

test: sstable_3_x_test: add test_compression_premature_eof

302a894

Reproduces #13599 and verifies the fix. Signed-off-by: Benny Halevy <bhalevy@scylladb.com> Closes #13903

denesb removed the Backport candidate label Dec 15, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sstables/compressed_file_data_source_impl may segfault if the file is corrupt and EOF is reached prematurely #13599

sstables/compressed_file_data_source_impl may segfault if the file is corrupt and EOF is reached prematurely #13599

bhalevy commented Apr 20, 2023

denesb commented Dec 15, 2023

sstables/compressed_file_data_source_impl may segfault if the file is corrupt and EOF is reached prematurely #13599

sstables/compressed_file_data_source_impl may segfault if the file is corrupt and EOF is reached prematurely #13599

Comments

bhalevy commented Apr 20, 2023

denesb commented Dec 15, 2023