[GitHub] [zookeeper] sonatype-lift[bot] commented on a diff in pull request #1903: ZOOKEEPER-4572: Encapsulate processConnectRequest not to take bytebuffer

GitBox Fri, 08 Jul 2022 21:42:40 -0700


sonatype-lift[bot] commented on code in PR #1903:
URL: https://github.com/apache/zookeeper/pull/1903#discussion_r917220599



##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java:
##########
@@ -427,11 +428,13 @@ public void enableRecv() {
         }
     }
 
-    private void readConnectRequest() throws IOException, 
InterruptedException, ClientCnxnLimitException {
+    private void readConnectRequest() throws IOException, 
ClientCnxnLimitException {
         if (!isZKServerRunning()) {
             throw new IOException("ZooKeeperServer not running");
         }
-        zkServer.processConnectRequest(this, incomingBuffer);
+        BinaryInputArchive bia = BinaryInputArchive.getArchive(new 
ByteBufferInputStream(incomingBuffer));

Review Comment:
   *RESOURCE_LEAK:*  resource of type 
`org.apache.zookeeper.server.ByteBufferInputStream` acquired by call to `new()` 
at line 435 is not released after line 435.
   
   Reply with *"**@sonatype-lift help**"* for info about LiftBot commands.
   Reply with *"**@sonatype-lift ignore**"* to tell LiftBot to leave out the 
above finding from this PR.
   Reply with *"**@sonatype-lift ignoreall**"* to tell LiftBot to leave out all 
the findings from this PR and from the status bar in Github.
   
   When talking to LiftBot, you need to **refresh** the page to see its 
response. [Click here](https://help.sonatype.com/lift/talking-to-lift) to get 
to know more about LiftBot commands.
   
   ---
   
   Was this a good recommendation?
   [ [🙁 Not 
relevant](https://www.sonatype.com/lift-comment-rating?comment=294713474&lift_comment_rating=1)
 ] - [ [😕 Won't 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713474&lift_comment_rating=2)
 ] - [ [😑 Not critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713474&lift_comment_rating=3)
 ] - [ [🙂 Critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713474&lift_comment_rating=4)
 ] - [ [😊 Critical, fixing 
now](https://www.sonatype.com/lift-comment-rating?comment=294713474&lift_comment_rating=5)
 ]



##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/ZooKeeperServer.java:
##########
@@ -1405,31 +1401,31 @@ public void processConnectRequest(ServerCnxn cnxn, 
ByteBuffer incomingBuffer)

Review Comment:
   *THREAD_SAFETY_VIOLATION:*  Read/Write race. Non-private method 
`ZooKeeperServer.processConnectRequest(...)` reads without synchronization from 
`this.localSessionEnabled`. Potentially races with write in method 
`ZooKeeperServer.startupWithoutServing()`.
    Reporting because another access to the same memory occurs on a background 
thread, although this access may not.
   
   Reply with *"**@sonatype-lift help**"* for info about LiftBot commands.
   Reply with *"**@sonatype-lift ignore**"* to tell LiftBot to leave out the 
above finding from this PR.
   Reply with *"**@sonatype-lift ignoreall**"* to tell LiftBot to leave out all 
the findings from this PR and from the status bar in Github.
   
   When talking to LiftBot, you need to **refresh** the page to see its 
response. [Click here](https://help.sonatype.com/lift/talking-to-lift) to get 
to know more about LiftBot commands.
   
   ---
   
   Was this a good recommendation?
   [ [🙁 Not 
relevant](https://www.sonatype.com/lift-comment-rating?comment=294713624&lift_comment_rating=1)
 ] - [ [😕 Won't 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713624&lift_comment_rating=2)
 ] - [ [😑 Not critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713624&lift_comment_rating=3)
 ] - [ [🙂 Critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713624&lift_comment_rating=4)
 ] - [ [😊 Critical, fixing 
now](https://www.sonatype.com/lift-comment-rating?comment=294713624&lift_comment_rating=5)
 ]



##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/NIOServerCnxn.java:
##########
@@ -427,11 +428,13 @@ public void enableRecv() {
         }
     }
 
-    private void readConnectRequest() throws IOException, 
InterruptedException, ClientCnxnLimitException {
+    private void readConnectRequest() throws IOException, 
ClientCnxnLimitException {
         if (!isZKServerRunning()) {
             throw new IOException("ZooKeeperServer not running");
         }
-        zkServer.processConnectRequest(this, incomingBuffer);
+        BinaryInputArchive bia = BinaryInputArchive.getArchive(new 
ByteBufferInputStream(incomingBuffer));
+        ConnectRequest request = 
protocolManager.deserializeConnectRequest(bia);

Review Comment:
   *RESOURCE_LEAK:*  resource of type `java.io.DataInputStream` acquired by 
call to `getArchive(...)` at line 435 is not released after line 436.
   
   Reply with *"**@sonatype-lift help**"* for info about LiftBot commands.
   Reply with *"**@sonatype-lift ignore**"* to tell LiftBot to leave out the 
above finding from this PR.
   Reply with *"**@sonatype-lift ignoreall**"* to tell LiftBot to leave out all 
the findings from this PR and from the status bar in Github.
   
   When talking to LiftBot, you need to **refresh** the page to see its 
response. [Click here](https://help.sonatype.com/lift/talking-to-lift) to get 
to know more about LiftBot commands.
   
   ---
   
   Was this a good recommendation?
   [ [🙁 Not 
relevant](https://www.sonatype.com/lift-comment-rating?comment=294713878&lift_comment_rating=1)
 ] - [ [😕 Won't 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713878&lift_comment_rating=2)
 ] - [ [😑 Not critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713878&lift_comment_rating=3)
 ] - [ [🙂 Critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294713878&lift_comment_rating=4)
 ] - [ [😊 Critical, fixing 
now](https://www.sonatype.com/lift-comment-rating?comment=294713878&lift_comment_rating=5)
 ]



##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/ZooKeeperServer.java:
##########
@@ -1405,31 +1401,31 @@ public void processConnectRequest(ServerCnxn cnxn, 
ByteBuffer incomingBuffer)
         
ServerMetrics.getMetrics().CONNECTION_TOKEN_DEFICIT.add(connThrottle.getDeficit());
         ServerMetrics.getMetrics().CONNECTION_REQUEST_COUNT.add(1);
 
-        if (cnxn.protocolManager.isReadonlyAvailable()) {
+        if (!cnxn.protocolManager.isReadonlyAvailable()) {
             LOG.warn(
                 "Connection request from old client {}; will be dropped if 
server is in r-o mode",
                 cnxn.getRemoteSocketAddress());
         }
 
-        if (!connReq.getReadOnly() && this instanceof ReadOnlyZooKeeperServer) 
{
+        if (!request.getReadOnly() && this instanceof ReadOnlyZooKeeperServer) 
{
             String msg = "Refusing session request for not-read-only client " 
+ cnxn.getRemoteSocketAddress();
             LOG.info(msg);
             throw new CloseRequestException(msg, 
ServerCnxn.DisconnectReason.NOT_READ_ONLY_CLIENT);
         }
-        if (connReq.getLastZxidSeen() > zkDb.dataTree.lastProcessedZxid) {
+        if (request.getLastZxidSeen() > zkDb.dataTree.lastProcessedZxid) {

Review Comment:
   *THREAD_SAFETY_VIOLATION:*  Read/Write race. Non-private method 
`ZooKeeperServer.processConnectRequest(...)` reads without synchronization from 
`this.zkDb.dataTree`. Potentially races with write in method 
`ZooKeeperServer.shutdown(...)`.
    Reporting because another access to the same memory occurs on a background 
thread, although this access may not.
   
   Reply with *"**@sonatype-lift help**"* for info about LiftBot commands.
   Reply with *"**@sonatype-lift ignore**"* to tell LiftBot to leave out the 
above finding from this PR.
   Reply with *"**@sonatype-lift ignoreall**"* to tell LiftBot to leave out all 
the findings from this PR and from the status bar in Github.
   
   When talking to LiftBot, you need to **refresh** the page to see its 
response. [Click here](https://help.sonatype.com/lift/talking-to-lift) to get 
to know more about LiftBot commands.
   
   ---
   
   Was this a good recommendation?
   [ [🙁 Not 
relevant](https://www.sonatype.com/lift-comment-rating?comment=294714018&lift_comment_rating=1)
 ] - [ [😕 Won't 
fix](https://www.sonatype.com/lift-comment-rating?comment=294714018&lift_comment_rating=2)
 ] - [ [😑 Not critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294714018&lift_comment_rating=3)
 ] - [ [🙂 Critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=294714018&lift_comment_rating=4)
 ] - [ [😊 Critical, fixing 
now](https://www.sonatype.com/lift-comment-rating?comment=294714018&lift_comment_rating=5)
 ]



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [zookeeper] sonatype-lift[bot] commented on a diff in pull request #1903: ZOOKEEPER-4572: Encapsulate processConnectRequest not to take bytebuffer

Reply via email to