This is an automated email from the ASF dual-hosted git repository.
mgrigorov pushed a commit to branch branch-1.11
in repository https://gitbox.apache.org/repos/asf/avro.git
The following commit(s) were added to refs/heads/branch-1.11 by this push:
new 565a8f77e Fix possible heap-buffer-overflow (#1779)
565a8f77e is described below
commit 565a8f77e66402da40bc6e2783549383923e817c
Author: Kruglov Pavel <[email protected]>
AuthorDate: Mon Jul 25 21:42:55 2022 +0200
Fix possible heap-buffer-overflow (#1779)
(cherry picked from commit 4465d88d8eb8a89d4adffb7506393416dd3a964f)
---
lang/c++/impl/DataFile.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lang/c++/impl/DataFile.cc b/lang/c++/impl/DataFile.cc
index b0c574630..966eff853 100644
--- a/lang/c++/impl/DataFile.cc
+++ b/lang/c++/impl/DataFile.cc
@@ -391,6 +391,9 @@ void DataFileReaderBase::readDataBlock() {
compressed_.insert(compressed_.end(), data, data + len);
}
len = compressed_.size();
+ if (len < 4)
+ throw Exception("Cannot read compressed data, expected at least 4
bytes, got " + std::to_string(len));
+
int b1 = compressed_[len - 4] & 0xFF;
int b2 = compressed_[len - 3] & 0xFF;
int b3 = compressed_[len - 2] & 0xFF;
