From 0138f65365b58cd4277a2a5bdbe50efdf51b3cf7 Mon Sep 17 00:00:00 2001
From: arvindksi274-ksolves <arvind.kandpal@ksolves.com>
Date: Fri, 6 Feb 2026 17:10:15 +0530
Subject: [PATCH] CASSANDRA-21150: Handle IndexOutOfBoundsException from new
 LZ4 library

The replacement of org.lz4 with at.yawk.lz4 (for CVE-2025-12183) changed behavior during decompression of corrupt data. The new safe implementation throws IndexOutOfBoundsException instead of LZ4Exception. This commit catches both exceptions to ensure corruption is correctly detected and wrapped as IOException.
---
 src/java/org/apache/cassandra/io/compress/LZ4Compressor.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/java/org/apache/cassandra/io/compress/LZ4Compressor.java b/src/java/org/apache/cassandra/io/compress/LZ4Compressor.java
index be01eb534b81..8d75421a57a7 100644
--- a/src/java/org/apache/cassandra/io/compress/LZ4Compressor.java
+++ b/src/java/org/apache/cassandra/io/compress/LZ4Compressor.java
@@ -153,7 +153,7 @@ public int uncompress(byte[] input, int inputOffset, int inputLength, byte[] out
                                                     outputOffset,
                                                     decompressedLength);
         }
-        catch (LZ4Exception e)
+        catch (LZ4Exception | IndexOutOfBoundsException e)
         {
             throw new IOException(e);
         }
@@ -180,7 +180,7 @@ public void uncompress(ByteBuffer input, ByteBuffer output) throws IOException
             input.position(input.position() + compressedLength);
             output.position(output.position() + decompressedLength);
         }
-        catch (LZ4Exception e)
+        catch (LZ4Exception | IndexOutOfBoundsException e)
         {
             throw new IOException(e);
         }