[CASSANDRA-14925] DecimalSerializer.toString() can be used as OOM attack - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Urgent
Resolution: Fixed
Fix Version/s: 3.0.24, 3.11.10, 4.0-rc1, 4.0
Component/s: Legacy/Core
Labels:
None

Severity:
Critical
Since Version:

3.0.0
Source Control Link:

https://github.com/apache/cassandra/commit/ea52f1d2fa032dd28bbe69a1914497e48a6eb99a

Description

Currently, in DecimalSerializer.toString(value), it uses BigDecimal.toPlainString() which generates huge string for large scale values.

BigDecimal d = new BigDecimal("1e-" + (Integer.MAX_VALUE - 6));
d.toPlainString(); // oom

Propose to use BigDecimal.toString() when scale is larger than 100 which is configurable via -Dcassandra.decimal.maxscaleforstring

patch	circle-ci
trunk	unit

The code should apply cleanly to 3.0+.

Attachments

Activity

People

Assignee:: Zhao Yang

Reporter:: Zhao Yang

Authors:: Zhao Yang

Reviewers:: Benjamin Lerer

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 10/Dec/18 07:05

Updated:: 30/Dec/20 11:31

Resolved:: 19/Dec/20 18:41