[ https://issues.apache.org/jira/browse/AVRO-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16635848#comment-16635848 ]
ASF GitHub Bot commented on AVRO-2220: -------------------------------------- thiru-apache closed pull request #339: AVRO-2220 Handled possible negative lengths in data in decoder URL: https://github.com/apache/avro/pull/339 ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > std::bad_alloc when String or Bytes field has a negative length > --------------------------------------------------------------- > > Key: AVRO-2220 > URL: https://issues.apache.org/jira/browse/AVRO-2220 > Project: Avro > Issue Type: Bug > Components: c++ > Reporter: Victor Mota > Assignee: Victor Mota > Priority: Major > Attachments: > poc-18e554fc65b937059584f21805da4b598f2266290f19d764da2c30ca1c829d0a (3) > > > Attached is a sample file created by our Fuzzer running on the C++ library > that causes an std::bad_alloc due to the string or byte field having an > invalid negative integer length. The fix is trivial I'll send out a PR soon > but it's something like: > > {code:java} > void BinaryDecoder::decodeString(std::string& value) > { > // Preserve the sign to avoid allocating memory if len is negative. > ssize_t len = decodeInt(); > if (len < 0) { > throw Exception( > boost::format("Cannot have a string of negative length: %1%") % len); > } > value.resize(len); > if (len > 0) { > in_.readBytes(reinterpret_cast<uint8_t*>(&value[0]), len); > } > }{code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)