Paul Rogers created DRILL-5162:
----------------------------------
Summary: Overflow error in variable-length vector setSafe method
Key: DRILL-5162
URL: https://issues.apache.org/jira/browse/DRILL-5162
Project: Apache Drill
Issue Type: Bug
Affects Versions: 1.8.0
Reporter: Paul Rogers
Assignee: Paul Rogers
Priority: Minor
The variable-length vectors {{setSafe()}} contains an off-by-one error that
causes an {{IndexOutOfBoundsException}}. Consider the current code (as
generated for {{VarCharVector}}):
{code}
public void setSafe(int index, byte[] bytes) {
assert index >= 0;
final int currentOffset = offsetVector.getAccessor().get(index);
while (data.capacity() < currentOffset + bytes.length) {
reAlloc();
}
offsetVector.getMutator().setSafe(index + 1, currentOffset +
bytes.length);
data.setBytes(currentOffset, bytes, 0, bytes.length);
}
{code}
Suppose the vector has capacity. The {{while}} statement does nothing. The
{{setSafe}} method is called to extend the offset vector if needed and set the
value. Then we set the data in the data vector. All good.
Suppose the vector is empty. The offset vector is also empty. Look carefully at
what happens. The call to {{offsetVector.getAccessor().get(index)}} requests
the offset at index 0. But, there is no such index; the offset vector is empty.
The result is an index-out-of-bounds exception.
The same problem can occur if the offset vector has capacity for n values and
we try to write the n+1st value.
Since this is a "safe" method, expected the variable length vector to safely
extend the offset vector as well as the data vector.
This is a minor severity because, evidently, no code uses this path and so no
existing code found this error. It was discovered in attempting to extend the
mock data generator.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
