Fix bug in SlicedInputStream with zero length #4863

andrross · 2022-10-21T00:18:59Z

Per the contract of InputStream#read(byte[], int, int):

If len is zero, then no bytes are read and 0 is returned

SlicedInputStream had a bug where if a zero length was passed then it would drain all the underlying streams and return -1. This was uncovered by using InputStream#readAllBytes in new code under development. The only existing usage of SlicedInputStream should not be vulnerable to this bug.

I've also added a check for invalid arguments and created tests to ensure the proper exceptions are thrown per the InputStream contract. In the test I've replaced a "readFully" method with an equivalent "readNBytes" that was introduced in Java 11.

Signed-off-by: Andrew Ross andrross@amazon.com

Check List

New functionality includes testing.
- All tests pass
New functionality has been documented.
- New functionality has javadoc added
Commits are signed per the DCO using --signoff
Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

github-actions · 2022-10-21T00:21:12Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/5135/
CommitID: 38d0ade

github-actions · 2022-10-21T00:49:09Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/5136/
CommitID: 6156df1

dblock · 2022-10-21T15:55:08Z

Rebase? I think CI is fixed.

andrross · 2022-10-21T15:59:01Z

Rebase? I think CI is fixed.

Spotless error. Rookie mistake :) Should be fixed now.

github-actions · 2022-10-21T16:29:39Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/5181/
CommitID: 2ecfc8a

adnapibar · 2022-10-21T16:37:00Z

server/src/main/java/org/opensearch/index/snapshots/blobstore/SlicedInputStream.java

@@ -100,6 +101,11 @@ public final int read() throws IOException {

    @Override
    public final int read(byte[] buffer, int offset, int length) throws IOException {
+        Objects.checkFromIndexSize(offset, length, buffer.length);
+        if (length == 0) {


should it be <= ?

Objects.checkFromIndexSize handles the invalid cases, so less than zero will never get here.

Per the contract of InputStream#read(byte[], int, int): If len is zero, then no bytes are read and 0 is returned SlicedInputStream had a bug where if a zero length was passed then it would drain all the underlying streams and return -1. This was uncovered by using InputStream#readAllBytes in new code under development. The only existing usage of SlicedInputStream should not be vulnerable to this bug. I've also added a check for invalid arguments and created tests to ensure the proper exceptions are thrown per the InputStream contract. In the test I've replaced a "readFully" method with an equivalent "readNBytes" that was introduced in Java 11. Signed-off-by: Andrew Ross <andrross@amazon.com>

github-actions · 2022-10-22T01:15:27Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/5299/
CommitID: a1cf4c0

andrross · 2022-10-22T01:36:14Z

Test failure: #4881

github-actions · 2022-10-22T02:05:37Z

Gradle Check (Jenkins) Run Completed with:

RESULT: UNSTABLE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/5302/
CommitID: a1cf4c0

github-actions · 2022-10-22T13:53:47Z

Gradle Check (Jenkins) Run Completed with:

RESULT: SUCCESS ✅
URL: https://build.ci.opensearch.org/job/gradle-check/5317/
CommitID: a1cf4c0

codecov-commenter · 2022-10-22T13:59:11Z

Codecov Report

Merging #4863 (a1cf4c0) into main (d85f8cd) will decrease coverage by 1.00%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##               main    #4863      +/-   ##
============================================
- Coverage     71.79%   70.79%   -1.01%     
+ Complexity    62907    57861    -5046     
============================================
  Files          4689     4689              
  Lines        300505   276913   -23592     
  Branches      46129    40301    -5828     
============================================
- Hits         215750   196033   -19717     
+ Misses        67829    64681    -3148     
+ Partials      16926    16199     -727

Impacted Files	Coverage Δ
...h/index/snapshots/blobstore/SlicedInputStream.java	`82.92% <100.00%> (-6.55%)`	⬇️
...adonly/AddIndexBlockClusterStateUpdateRequest.java	`0.00% <0.00%> (-75.00%)`	⬇️
...luster/routing/allocation/RoutingExplanations.java	`41.37% <0.00%> (-58.63%)`	⬇️
...readonly/TransportVerifyShardIndexBlockAction.java	`9.75% <0.00%> (-58.54%)`	⬇️
...n/admin/indices/readonly/AddIndexBlockRequest.java	`17.85% <0.00%> (-53.58%)`	⬇️
.../java/org/opensearch/node/NodeClosedException.java	`50.00% <0.00%> (-50.00%)`	⬇️
...a/org/opensearch/tasks/TaskCancelledException.java	`50.00% <0.00%> (-50.00%)`	⬇️
.../org/opensearch/http/HttpReadTimeoutException.java	`50.00% <0.00%> (-50.00%)`	⬇️
...cluster/coordination/PendingClusterStateStats.java	`20.00% <0.00%> (-48.00%)`	⬇️
.../admin/cluster/reroute/ClusterRerouteResponse.java	`55.00% <0.00%> (-45.00%)`	⬇️
... and 681 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

Per the contract of InputStream#read(byte[], int, int): If len is zero, then no bytes are read and 0 is returned SlicedInputStream had a bug where if a zero length was passed then it would drain all the underlying streams and return -1. This was uncovered by using InputStream#readAllBytes in new code under development. The only existing usage of SlicedInputStream should not be vulnerable to this bug. I've also added a check for invalid arguments and created tests to ensure the proper exceptions are thrown per the InputStream contract. In the test I've replaced a "readFully" method with an equivalent "readNBytes" that was introduced in Java 11. Signed-off-by: Andrew Ross <andrross@amazon.com> Signed-off-by: Andrew Ross <andrross@amazon.com> (cherry picked from commit 6571db7) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md

Per the contract of InputStream#read(byte[], int, int): If len is zero, then no bytes are read and 0 is returned SlicedInputStream had a bug where if a zero length was passed then it would drain all the underlying streams and return -1. This was uncovered by using InputStream#readAllBytes in new code under development. The only existing usage of SlicedInputStream should not be vulnerable to this bug. I've also added a check for invalid arguments and created tests to ensure the proper exceptions are thrown per the InputStream contract. In the test I've replaced a "readFully" method with an equivalent "readNBytes" that was introduced in Java 11. Signed-off-by: Andrew Ross <andrross@amazon.com> Signed-off-by: Andrew Ross <andrross@amazon.com> (cherry picked from commit 6571db7) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Andrew Ross <andrross@amazon.com>

Per the contract of InputStream#read(byte[], int, int): If len is zero, then no bytes are read and 0 is returned SlicedInputStream had a bug where if a zero length was passed then it would drain all the underlying streams and return -1. This was uncovered by using InputStream#readAllBytes in new code under development. The only existing usage of SlicedInputStream should not be vulnerable to this bug. I've also added a check for invalid arguments and created tests to ensure the proper exceptions are thrown per the InputStream contract. In the test I've replaced a "readFully" method with an equivalent "readNBytes" that was introduced in Java 11. Signed-off-by: Andrew Ross <andrross@amazon.com> (cherry picked from commit 6571db7) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Andrew Ross <andrross@amazon.com>

…ject#4863) (opensearch-project#5044)" This reverts commit 870d13d.

Per the contract of InputStream#read(byte[], int, int): If len is zero, then no bytes are read and 0 is returned SlicedInputStream had a bug where if a zero length was passed then it would drain all the underlying streams and return -1. This was uncovered by using InputStream#readAllBytes in new code under development. The only existing usage of SlicedInputStream should not be vulnerable to this bug. I've also added a check for invalid arguments and created tests to ensure the proper exceptions are thrown per the InputStream contract. In the test I've replaced a "readFully" method with an equivalent "readNBytes" that was introduced in Java 11. Signed-off-by: Andrew Ross <andrross@amazon.com> Signed-off-by: Andrew Ross <andrross@amazon.com>

andrross force-pushed the sliced-input-stream-bug branch from 38d0ade to 6156df1 Compare October 21, 2022 00:20

andrross marked this pull request as ready for review October 21, 2022 00:21

andrross requested review from a team and reta as code owners October 21, 2022 00:21

kotwanikunal approved these changes Oct 21, 2022

View reviewed changes

andrross force-pushed the sliced-input-stream-bug branch from 6156df1 to 2ecfc8a Compare October 21, 2022 15:58

adnapibar reviewed Oct 21, 2022

View reviewed changes

adnapibar approved these changes Oct 21, 2022

View reviewed changes

andrross force-pushed the sliced-input-stream-bug branch from 2ecfc8a to a1cf4c0 Compare October 22, 2022 00:46

reta approved these changes Oct 22, 2022

View reviewed changes

reta merged commit 6571db7 into opensearch-project:main Oct 22, 2022

andrross added backport 2.x Backport to 2.x branch backport 2.4 Backport to 2.4 branch labels Nov 2, 2022

This was referenced Nov 2, 2022

[Backport 2.4] Fix bug in SlicedInputStream with zero length #5044

Merged

[Backport 2.x] Fix bug in SlicedInputStream with zero length #5045

Merged

tlfeng pushed a commit to tlfeng/OpenSearch that referenced this pull request Nov 3, 2022

Revert "Fix bug in SlicedInputStream with zero length (opensearch-pro…

b7814c9

…ject#4863) (opensearch-project#5044)" This reverts commit 870d13d.

andrross deleted the sliced-input-stream-bug branch November 9, 2022 19:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix bug in SlicedInputStream with zero length #4863

Fix bug in SlicedInputStream with zero length #4863

andrross commented Oct 21, 2022

github-actions bot commented Oct 21, 2022

github-actions bot commented Oct 21, 2022

dblock commented Oct 21, 2022

andrross commented Oct 21, 2022

github-actions bot commented Oct 21, 2022

adnapibar Oct 21, 2022

andrross Oct 21, 2022

github-actions bot commented Oct 22, 2022

andrross commented Oct 22, 2022

github-actions bot commented Oct 22, 2022

github-actions bot commented Oct 22, 2022

codecov-commenter commented Oct 22, 2022

Fix bug in SlicedInputStream with zero length #4863

Fix bug in SlicedInputStream with zero length #4863

Conversation

andrross commented Oct 21, 2022

Check List

github-actions bot commented Oct 21, 2022

Gradle Check (Jenkins) Run Completed with:

github-actions bot commented Oct 21, 2022

Gradle Check (Jenkins) Run Completed with:

dblock commented Oct 21, 2022

andrross commented Oct 21, 2022

github-actions bot commented Oct 21, 2022

Gradle Check (Jenkins) Run Completed with:

adnapibar Oct 21, 2022

Choose a reason for hiding this comment

andrross Oct 21, 2022

Choose a reason for hiding this comment

github-actions bot commented Oct 22, 2022

Gradle Check (Jenkins) Run Completed with:

andrross commented Oct 22, 2022

github-actions bot commented Oct 22, 2022

Gradle Check (Jenkins) Run Completed with:

github-actions bot commented Oct 22, 2022

Gradle Check (Jenkins) Run Completed with:

codecov-commenter commented Oct 22, 2022

Codecov Report