[
https://issues.apache.org/jira/browse/AVRO-3587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Tzvetanov Grigorov resolved AVRO-3587.
---------------------------------------------
Fix Version/s: 1.11.1, 1.12.0
Assignee: Martin Tzvetanov Grigorov
Resolution: Fixed
> C: Fix possible heap-buffer-overflow in avro::DataFileReaderBase::readDataBlock()
> ----------------------------------------------------------------------------------
>
> Key: AVRO-3587
> URL: https://issues.apache.org/jira/browse/AVRO-3587
> Project: Apache Avro
> Issue Type: Bug
> Components: c
> Reporter: Martin Tzvetanov Grigorov
> Assignee: Martin Tzvetanov Grigorov
> Priority: Major
> Fix For: 1.11.1, 1.12.0
>
>
> Fix possible heap-buffer-overflow in avro::DataFileReaderBase::readDataBlock() while reading bad data.
> This error was found by stress tests in ClickHouse under address sanitizer:
> https://github.com/ClickHouse/ClickHouse/issues/33652
> Stacktrace:
> ```
> ==549==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x60200037c8cc at pc 0x000034e6e371 bp 0x7fc5a2e97e50 sp 0x7fc5a2e97e48
> READ of size 1 at 0x60200037c8cc thread T553 (QueryPipelineEx)
> #0 0x34e6e370 in avro::DataFileReaderBase::readDataBlock()
> obj-x86_64-linux-gnu/../contrib/avro/lang/c++/impl/DataFile.cc:418:18
> #1 0x34e70485 in avro::DataFileReaderBase::hasMore()
> obj-x86_64-linux-gnu/../contrib/avro/lang/c++/impl/DataFile.cc:338:9
> ...
> ```
> You can find an example of corrupted file here:
> https://drive.google.com/file/d/1pEZk3cbWiPvFCbTnndTO5YbQameZ1Jt2/view?usp=sharing
> Reading this corrupted file under address sanitizer leads to heap-buffer-overflow.
--
This message was sent by Atlassian Jira (v8.20.10#820010)