This is an automated email from the ASF dual-hosted git repository.

joemcdonnell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git


The following commit(s) were added to refs/heads/master by this push:
     new 63c435c  IMPALA-9232 Potential overflow in serializeThriftMsg
63c435c is described below

commit 63c435cac11a623693402a2197efdf3b928bd349
Author: Qifan Chen <qc...@cloudera.com>
AuthorDate: Mon Oct 12 12:11:52 2020 -0400

    IMPALA-9232 Potential overflow in serializeThriftMsg
    
    This fix added a sanity check to ensure that the length of the buffer
    holding a serialized object does not exceed INT_MAX bytes.
    
    Testing:
    1. Unit testing;
    2. Ran Core tests successfully.
    
    Change-Id: Ie76028acea84dbe0e88518dae60aaf7e7ca55e9e
    Reviewed-on: http://gerrit.cloudera.org:8080/16584
    Reviewed-by: Tim Armstrong <tarmstr...@cloudera.com>
    Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
---
 be/src/rpc/jni-thrift-util.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/be/src/rpc/jni-thrift-util.h b/be/src/rpc/jni-thrift-util.h
index a3674ef..3262ce7 100644
--- a/be/src/rpc/jni-thrift-util.h
+++ b/be/src/rpc/jni-thrift-util.h
@@ -35,6 +35,14 @@ Status SerializeThriftMsg(JNIEnv* env, T* msg, jbyteArray* 
serialized_msg) {
   uint32_t size = 0;
   RETURN_IF_ERROR(serializer.SerializeToBuffer(msg, &size, &buffer));
 
+  // Make sure that 'size' is within the limit of INT_MAX as the use of
+  // 'size' below takes int.
+  if (size > INT_MAX) {
+    return Status(strings::Substitute(
+        "The length of the serialization buffer ($0 bytes) exceeds the limit 
of $1 bytes",
+        size, INT_MAX));
+  }
+
   /// create jbyteArray given buffer
   *serialized_msg = env->NewByteArray(size);
   RETURN_ERROR_IF_EXC(env);
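Review bot: The added guard `if (size > INT_MAX)` uses `INT_MAX`, but the diffstat shows all 8 insertions are in this hunk, so no `#include <climits>` came with it; unless the header already includes it (not visible here), the check depends on a transitive include. The bound being protected is the signed `jsize` length passed to `env->NewByteArray(size)` below, where a larger `uint32_t` would be narrowed to a negative length. The comment could name that directly, e.g. `// NewByteArray() takes a signed jsize; reject sizes that would not fit.` SerializeThriftMsg starts and ends outside the hunk.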
