GitHub user stiga-huang opened a pull request:
https://github.com/apache/orc/pull/224
ORC-312: fix buffer overflow in corrupt StringDictionaryColumn
The crash is due to the buffer overflow in orc::readFully, which is only used
in StringDictionaryColumnReader currently. The decoded length may be larger than
we expected if the file is corrupt.
This patch also adds checks for the range of entry indices in
StringDictionaryColumnReader::next.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/stiga-huang/orc fix-mem-corrupt
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/orc/pull/224.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #224
----
commit e3b923ce3924218a3737fbac3a97e7faaa286280
Author: stiga-huang <huangquanlong@...>
Date: 2018-03-03T05:54:35Z
ORC-312: fix buffer overflow in corrupt StringDictionaryColumn
----
---
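
The two checks the description names (decoded lengths bounded by the buffer they index into, and entry indices bounded by the dictionary size), as an added illustration. This is not code from the pull request or from ORC; `Dictionary`, `buildDictionary`, `lookup` and `rejects` are hypothetical names and the sample data is constructed.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for a decoded string dictionary (not ORC's types).
struct Dictionary {
  std::vector<uint64_t> offsets;  // entry i is blob[offsets[i], offsets[i+1])
  std::string blob;               // concatenated entry bytes
};

// Build offsets from untrusted decoded lengths; the blob size is the bound.
Dictionary buildDictionary(const std::vector<int64_t>& lengths,
                           const std::string& blob) {
  Dictionary dict{{0}, blob};
  uint64_t total = 0;
  for (int64_t len : lengths) {
    // Compare against the remaining space so total + len cannot overflow.
    if (len < 0 || static_cast<uint64_t>(len) > blob.size() - total) {
      throw std::runtime_error("corrupt dictionary: lengths exceed blob");
    }
    total += static_cast<uint64_t>(len);
    dict.offsets.push_back(total);
  }
  return dict;
}

// Resolve one row's dictionary index, checking its range first.
std::string lookup(const Dictionary& dict, int64_t entry) {
  const uint64_t count = dict.offsets.size() - 1;
  if (entry < 0 || static_cast<uint64_t>(entry) >= count) {
    throw std::runtime_error("corrupt data: entry index out of range");
  }
  const uint64_t begin = dict.offsets[entry];
  return dict.blob.substr(begin, dict.offsets[entry + 1] - begin);
}

// True if the callable is rejected with std::runtime_error.
template <typename F>
bool rejects(F f) {
  try { f(); } catch (const std::runtime_error&) { return true; }
  return false;
}

int main() {
  Dictionary d = buildDictionary({2, 3, 0}, "abcde");  // constructed sample
  std::cout << lookup(d, 1) << ' ' << rejects([&] { lookup(d, 3); }) << '\n';
}
```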