This is an automated email from the ASF dual-hosted git repository.
mgrigorov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/avro.git
The following commit(s) were added to refs/heads/master by this push:
new 4465d88d8 Fix possible heap-buffer-overflow (#1779)
4465d88d8 is described below
commit 4465d88d8eb8a89d4adffb7506393416dd3a964f
Author: Kruglov Pavel <[email protected]>
AuthorDate: Mon Jul 25 21:42:55 2022 +0200
Fix possible heap-buffer-overflow (#1779)
---
lang/c++/impl/DataFile.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lang/c++/impl/DataFile.cc b/lang/c++/impl/DataFile.cc
index 32f27ff22..f215f95b1 100644
--- a/lang/c++/impl/DataFile.cc
+++ b/lang/c++/impl/DataFile.cc
@@ -394,6 +394,9 @@ void DataFileReaderBase::readDataBlock() {
compressed_.insert(compressed_.end(), data, data + len);
}
len = compressed_.size();
+ if (len < 4)
+ throw Exception("Cannot read compressed data, expected at least 4
bytes, got " + std::to_string(len));
+
int b1 = compressed_[len - 4] & 0xFF;
int b2 = compressed_[len - 3] & 0xFF;
int b3 = compressed_[len - 2] & 0xFF;
