Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2305

Local variables can overflow when serializing a 2GB message

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.8.0
    • Component/s: rpc
    • Labels:
      None
    • Target Version/s:

      Description

      When rpc_max_message_size is set to its maximum of INT_MAX (2147483647), certain local variables in SerializeMessage can overflow as messages approach this size. Specifically, recorded_size, size_with_delim, and total_size are 4 byte signed integers and could overflow when additional_size becomes large.

      Since INT_MAX is the largest allowable value for rpc_max_message_size (a 4 byte signed integer), these variables will not overflow if changed to 4 byte unsigned integers. This would eliminate the potential problem for serialization.

      A similar problem exists in the InboundTransfer::ReceiveBuffer() and similar codepaths. Changing those variables to unsigned integers should resolve the issue.

      This does not impact existing systems, because the default value of rpc_max_message_size is 50MB.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                joemcdonnell Joe McDonnell
                Reporter:
                joemcdonnell Joe McDonnell
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: