This is an automated email from the ASF dual-hosted git repository. joemcdonnell pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/impala.git
The following commit(s) were added to refs/heads/master by this push: new 63c435c IMPALA-9232 Potential overflow in serializeThriftMsg 63c435c is described below commit 63c435cac11a623693402a2197efdf3b928bd349 Author: Qifan Chen <qc...@cloudera.com> AuthorDate: Mon Oct 12 12:11:52 2020 -0400 IMPALA-9232 Potential overflow in serializeThriftMsg This fix added a sanity check to assure the length of the buffer holding a serialized object does not go over INT_MAX bytes. Testing: 1. Unit testing; 2. Ran Core tests successfully. Change-Id: Ie76028acea84dbe0e88518dae60aaf7e7ca55e9e Reviewed-on: http://gerrit.cloudera.org:8080/16584 Reviewed-by: Tim Armstrong <tarmstr...@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> --- be/src/rpc/jni-thrift-util.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/be/src/rpc/jni-thrift-util.h b/be/src/rpc/jni-thrift-util.h index a3674ef..3262ce7 100644 --- a/be/src/rpc/jni-thrift-util.h +++ b/be/src/rpc/jni-thrift-util.h @@ -35,6 +35,14 @@ Status SerializeThriftMsg(JNIEnv* env, T* msg, jbyteArray* serialized_msg) { uint32_t size = 0; RETURN_IF_ERROR(serializer.SerializeToBuffer(msg, &size, &buffer)); + // Make sure that 'size' is within the limit of INT_MAX as the use of + // 'size' below takes int. + if (size > INT_MAX) { + return Status(strings::Substitute( + "The length of the serialization buffer ($0 bytes) exceeds the limit of $1 bytes", + size, INT_MAX)); + } + /// create jbyteArray given buffer *serialized_msg = env->NewByteArray(size); RETURN_ERROR_IF_EXC(env);