Bug 1115264
| Summary: | Incorrect de-serialization leading to stream corruption in Big Endian systems | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | IBM Bug Proxy <bugproxy> | ||||||||
| Component: | compress-lzf | Assignee: | gil cattaneo <puntogil> | ||||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
| Severity: | high | Docs Contact: | |||||||||
| Priority: | unspecified | ||||||||||
| Version: | 20 | CC: | java-sig-commits, jkachuck, puntogil, wgomerin | ||||||||
| Target Milestone: | --- | ||||||||||
| Target Release: | --- | ||||||||||
| Hardware: | All | ||||||||||
| OS: | All | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | compress-lzf-0.9.8-2.fc20 | Doc Type: | Bug Fix | ||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2014-07-11 02:02:16 UTC | Type: | --- | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Attachments: |
|
||||||||||
|
Description
IBM Bug Proxy
2014-07-02 05:00:25 UTC
== Comment: #0 - Kamalesh Babulal <kamaleshb.com> - 2014-06-17 05:25:06 == Attached test case (runnable in a SPARK environment using hadoop libraries in the classpath, can provide a stand-alone test case if need be) fails with an error: java.io.InvalidClassException: org.apache.spark.SerializableWritable; local class incompatible: stream classdesc serialVersionUID = 6301214776158303468, local class serialVersionUID = -7785455416944904980 This issue has been reported upstream also https://github.com/ning/compress/issues/37 (attached the call-stack) == Comment: #2 - Kamalesh Babulal <kamaleshb.com> - 2014-06-17 05:34:10 == LZF compression algorithm compress in-memory streams, which is endian-specific. Peer class UnsafeChunkEncoderLE has a fool-proof compression logic, while UnsafeChunkEncoderBE.java incorrectly computes the distance between two byte sequences in the stream, leading to corrupting the serialVersionUID field of the object data. This patch fixes the issue UnsafeChunkEncoderBE.java. We tired this patch locally and it resolves the issue. Created attachment 913983 [details]
testcase
default comment by bridge
Created attachment 913984 [details]
call stack
default comment by bridge
Created attachment 913985 [details]
[RFC Patch] Fix SUID issue in LZF compression.
default comment by bridge
Thanks for the patch should be resolved in compress-lzf-0.9.8-2.fc20 compress-lzf-0.9.8-3.fc21 compress-lzf-0.9.8-2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/compress-lzf-0.9.8-2.fc20 Package compress-lzf-0.9.8-2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing compress-lzf-0.9.8-2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-8014/compress-lzf-0.9.8-2.fc20 then log in and leave karma (feedback). compress-lzf-0.9.8-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. ------- Comment From kamaleshb.com 2014-08-04 13:48 EDT------- Can you please let us know, if this patch is consider for Fedora21 ? (In reply to IBM Bug Proxy from comment #9) > ------- Comment From kamaleshb.com 2014-08-04 13:48 EDT------- > Can you please let us know, if this patch is consider for Fedora21 ? Was applied also for F20 http://pkgs.fedoraproject.org/cgit/compress-lzf.git/ |