[CASSANDRA-18505] NPE when deserializing malformed collections from client - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.0.10, 4.1.2, 5.0-alpha1, 5.0
Component/s: Messaging/Client
Labels:
None

Bug Category:
Code
Severity:
Low
Complexity:
Low Hanging Fruit
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

3.0.0
Source Control Link:

https://github.com/apache/cassandra/commit/ae995eb3d3cc1c98f61db0d071522b6f09443927
Test and Documentation Plan:

Hide

Run through CI

Show
Run through CI

Description

When deserializing collections sent from the client, if an element in the collection is incorrectly serialized, Collections.getValue can return null if the length of the element is negative. Currently this isn't detected and serialization continues, calling validate and throwing an NPE in serializers that don't handle null value buffers.

Detect the malformed input and throw a better MarshalException so it will be converted to an InvalidRequestException for the client.

Attachments

Activity

People

Assignee:: Jon Meredith

Reporter:: Jon Meredith

Authors:: Jon Meredith

Reviewers:: Caleb Rackliffe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/May/23 16:32

Updated:: 12/Sep/23 13:02

Resolved:: 10/May/23 00:13