rootvector2 opened a new pull request, #3814:
URL: https://github.com/apache/avro/pull/3814

   ## What is the purpose of the change
   
   `read_value` reads an enum's symbol index from the wire with `read_long` and stores it through `avro_value_set_enum` without checking it against the schema's symbol count, so a negative or out-of-range index from an untrusted Avro file or datum is kept as-is and later reaches `avro_schema_enum_get`, where an `st_lookup` miss leaves the returned `char *` uninitialized and the JSON writer dereferences it. The union branch directly above already range-checks its discriminant, and the C++ `ValidatingDecoder` does the same for enums, so apply the matching check and return `EINVAL` before the bad index is stored.
   
   ## Verifying this change
   
   This change added tests and can be verified as follows:
   - extended the `test_avro_values` enum test to read an out-of-range symbol index (`{0xC6, 0x01}` against a 4-symbol enum); it fails on the unpatched tree and passes with the fix, and the full `ctest` suite stays green
   
   ## Documentation
   
   - Does this pull request introduce a new feature? no


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

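The range check this pull request describes, as an added stand-alone C example (not the Avro source and not the PR's patch): `demo_read_long` and `demo_read_enum` are hypothetical helpers that decode the zigzag varint index and reject it before it is stored. The `{0xC6, 0x01}` bytes and the 4-symbol enum come from the PR text; the other inputs are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical helper: decode one Avro long (zigzag varint) from buf. */
static int demo_read_long(const uint8_t *buf, size_t len, size_t *pos, int64_t *out)
{
    uint64_t acc = 0;
    for (unsigned shift = 0; shift < 64; shift += 7) {
        if (*pos >= len)
            return EILSEQ;                 /* truncated varint */
        uint8_t b = buf[(*pos)++];
        acc |= (uint64_t)(b & 0x7F) << shift;
        if (!(b & 0x80)) {                 /* last byte: undo zigzag */
            *out = (int64_t)(acc >> 1) ^ -(int64_t)(acc & 1);
            return 0;
        }
    }
    return EILSEQ;                         /* more than 10 bytes */
}

/* Hypothetical helper: read an enum index, accept only 0 <= index < n_symbols.
 * On any error *index_out is left untouched, so no bad index is ever stored. */
static int demo_read_enum(const uint8_t *buf, size_t len, int n_symbols, int *index_out)
{
    size_t pos = 0;
    int64_t raw;
    int rc = demo_read_long(buf, len, &pos, &raw);
    if (rc != 0)
        return rc;
    if (raw < 0 || raw >= n_symbols)
        return EINVAL;
    *index_out = (int)raw;
    return 0;
}

int main(void)
{
    const uint8_t from_pr[] = {0xC6, 0x01};  /* bytes from the PR: decodes to 99 */
    const uint8_t negative[] = {0x01};       /* constructed: decodes to -1 */
    const uint8_t valid[] = {0x04};          /* constructed: decodes to 2 */
    int idx = -1;
    printf("from_pr:  rc=%d\n", demo_read_enum(from_pr, sizeof from_pr, 4, &idx));
    printf("negative: rc=%d\n", demo_read_enum(negative, sizeof negative, 4, &idx));
    int rc = demo_read_enum(valid, sizeof valid, 4, &idx);
    printf("valid:    rc=%d idx=%d\n", rc, idx);
    return 0;
}
```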