[jira] [Created] (ORC-403) Should check PostScript length before serializing it

Quanlong Huang (JIRA) Sat, 15 Sep 2018 00:30:58 -0700

Quanlong Huang created ORC-403:
----------------------------------

             Summary: Should check PostScript length before serializing it
                 Key: ORC-403
                 URL: https://issues.apache.org/jira/browse/ORC-403
             Project: ORC
          Issue Type: Bug
          Components: C++
            Reporter: Quanlong Huang
            Assignee: Quanlong Huang



A malformed ORC file may have a postscript length larger than the file size, 
which causes orc:: readPostscript to read unexpected data.
{code}
    std::unique_ptr<proto::PostScript> postscript =
      std::unique_ptr<proto::PostScript>(new proto::PostScript());
    if (!postscript->ParseFromArray(ptr + readSize - 1 - postscriptSize,
                                   static_cast<int>(postscriptSize))) {
      throw ParseError("Failed to parse the postscript from " +
                       stream->getName());
    }
{code}
We should make sure readSize - 1 - postscriptSize >= 0.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (ORC-403) Should check PostScript length before serializing it

Reply via email to