Victor Mota created AVRO-2220:
---------------------------------

             Summary: std::bad_alloc when String or Bytes field has a negative length
                 Key: AVRO-2220
                 URL: https://issues.apache.org/jira/browse/AVRO-2220
             Project: Avro
          Issue Type: Bug
          Components: c++
            Reporter: Victor Mota
            Assignee: Victor Mota
         Attachments: poc-18e554fc65b937059584f21805da4b598f2266290f19d764da2c30ca1c829d0a (3)

Attached is a sample file created by our Fuzzer running on the C++ library that 
causes a std::bad_alloc due to the string or byte field having an invalid 
negative integer length. The fix is trivial; I'll send out a PR soon, but it's 
something like:

{code:java}
void BinaryDecoder::decodeString(std::string& value)
{
    // Preserve the sign to avoid allocating memory if len is negative.
    ssize_t len = decodeInt();
    if (len < 0) {
        throw Exception(
            boost::format("Cannot have a string of negative length: %1%") % len);
    }
    value.resize(len);
    if (len > 0) {
        in_.readBytes(reinterpret_cast<uint8_t*>(&value[0]), len);
    }
}
{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
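
The following is an added example, not part of the original report and not Avro's code. It shows how a single input byte zigzag-decodes to a negative length, what that length becomes if cast straight to size_t, and a length check placed before allocation. Reader, readLong, readString, uncheckedAllocSize and tryDecode are hypothetical names; the check against the remaining input goes beyond the fix sketched in the report and assumes the whole input is in memory.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Minimal in-memory reader (hypothetical, not Avro's BinaryDecoder).
// Constructed inputs: {0x06,'f','o','o'} decodes to "foo"; {0x01} is zigzag for -1.
struct Reader {
    const std::vector<uint8_t>& buf;
    size_t pos = 0;
    explicit Reader(const std::vector<uint8_t>& b) : buf(b) {}

    // Avro int/long wire format: base-128 varint, then zigzag decoding.
    int64_t readLong() {
        uint64_t raw = 0;
        for (int shift = 0; shift < 64; shift += 7) {
            if (pos >= buf.size()) throw std::runtime_error("truncated varint");
            uint8_t b = buf[pos++];
            raw |= static_cast<uint64_t>(b & 0x7f) << shift;
            if (!(b & 0x80))
                return static_cast<int64_t>(raw >> 1) ^ -static_cast<int64_t>(raw & 1);
        }
        throw std::runtime_error("varint too long");
    }

    // Length-prefixed string; the length is validated before any allocation.
    std::string readString() {
        int64_t len = readLong();
        if (len < 0)
            throw std::runtime_error("negative string length: " + std::to_string(len));
        if (static_cast<uint64_t>(len) > buf.size() - pos)
            throw std::runtime_error("string length exceeds remaining input");
        std::string value(buf.begin() + pos, buf.begin() + pos + len);
        pos += static_cast<size_t>(len);
        return value;
    }
};

// The size an unchecked decoder would pass to resize() for a decoded length.
size_t uncheckedAllocSize(int64_t len) { return static_cast<size_t>(len); }

// Returns "" on success, otherwise the rejection message.
std::string tryDecode(const std::vector<uint8_t>& input, std::string& out) {
    Reader r(input);
    try { out = r.readString(); return ""; }
    catch (const std::runtime_error& e) { return e.what(); }
}
```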
