This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-1.1-lts
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-1.1-lts by this push:
new 8c3c29445f [BugFix](function) fix reverse function dynamic buffer
overflow due to illegal character #13851
8c3c29445f is described below
commit 8c3c29445f9607960b209070e5d4a25bfd7255d7
Author: AlexYue <[email protected]>
AuthorDate: Tue Nov 1 14:10:16 2022 +0800
[BugFix](function) fix reverse function dynamic buffer overflow due to
illegal character #13851
---
be/src/util/simd/vstring_function.h | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/be/src/util/simd/vstring_function.h
b/be/src/util/simd/vstring_function.h
index c4b268fcf7..273f259e62 100644
--- a/be/src/util/simd/vstring_function.h
+++ b/be/src/util/simd/vstring_function.h
@@ -144,7 +144,15 @@ public:
} else {
for (size_t i = 0, char_size = 0; i < str.len; i += char_size) {
char_size = get_utf8_byte_length((unsigned)(str.ptr)[i]);
- std::copy(str.ptr + i, str.ptr + i + char_size, dst.ptr +
str.len - i - char_size);
+ // there exists occasion where the last character is an
illegal UTF-8 one which returns
+ // a char_size larger than the actual space, which would cause
offset execeeding the buffer range
+ // for example, consider str.len=4, i = 3, then the last char
returns char_size 2, then
+ // the str.ptr + offset would exceed the buffer range
+ size_t offset = i + char_size;
+ if (offset > str.len) {
+ offset = str.len;
+ }
+ std::copy(str.ptr + i, str.ptr + offset, dst.ptr + str.len -
offset);
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
