Quanlong Huang created ORC-591:
----------------------------------

             Summary: orc::readFully crash due to null pointer variable
                 Key: ORC-591
                 URL: https://issues.apache.org/jira/browse/ORC-591
             Project: ORC
          Issue Type: Bug
          Components: C++
            Reporter: Quanlong Huang
         Attachments: alltypes_uncompressed_corrupt.orc

orc::readFully() could crash due to a null pointer in the stream variable. Reproduce 
by using orc-scan to read the attached corrupt ORC file.
{code}
Program received signal SIGSEGV, Segmentation fault.
orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at 
/home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
522           if (!stream->Next(&chunk, &length)) {
(gdb) bt
#0  orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at 
/home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
#1  0x00000000005f6c14 in 
orc::StringDictionaryColumnReader::StringDictionaryColumnReader 
(this=this@entry=0xb0ebc0, type=..., stripe=...) at 
/home/quanlong/workspace/orc/c++/src/ColumnReader.cc:596
#2  0x00000000005f70bb in orc::buildReader (type=..., stripe=...) at 
/home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1756
#3  0x00000000005f722b in orc::StructColumnReader::StructColumnReader 
(this=this@entry=0xb0d7c0, type=..., stripe=...) at 
/home/quanlong/workspace/orc/c++/src/ColumnReader.cc:876
#4  0x00000000005f701b in orc::buildReader (type=..., stripe=...) at 
/home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1787
#5  0x000000000059fd18 in orc::RowReaderImpl::startNextStripe (this=0xae3060) 
at /home/quanlong/workspace/orc/c++/src/Reader.cc:917
#6  0x00000000005a016a in orc::RowReaderImpl::next (this=0xae3060, data=...) at 
/home/quanlong/workspace/orc/c++/src/Reader.cc:932
#7  0x0000000000597a78 in scanFile (out=..., filename=<optimized out>, 
batchSize=batchSize@entry=1024) at 
/home/quanlong/workspace/orc/tools/src/FileScan.cc:39
#8  0x00000000005972f8 in main (argc=1, argv=<optimized out>) at 
/home/quanlong/workspace/orc/tools/src/FileScan.cc:84
(gdb) l
517       void readFully(char* buffer, int64_t bufferSize, SeekableInputStream* 
stream) {
518         int64_t posn = 0;
519         while (posn < bufferSize) {
520           const void* chunk;
521           int length;
522           if (!stream->Next(&chunk, &length)) {
523             throw ParseError("bad read in readFully");
524           }
525           if (posn + length > bufferSize) {
526             throw ParseError("Corrupt dictionary blob in 
StringDictionaryColumn");
{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
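
Added example, not part of the original report and not ORC's code or its fix: a sketch of the `readFully` loop from the listing above with the null `stream` case turned into a `ParseError`. The type stand-ins, `ChunkedStream`, `readFullyChecked`, `outcome`, `outcomeFor`, the "missing stream" message and the copy step (the listing is cut off before it) are assumptions.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>
// Stand-ins for the ORC types named in the trace (assumed shapes, not ORC's headers).
struct ParseError : std::runtime_error { using std::runtime_error::runtime_error; };
struct SeekableInputStream {
  virtual ~SeekableInputStream() = default;
  virtual bool Next(const void** data, int* size) = 0;
};

// Constructed in-memory stream that returns its bytes in chunks of at most `chunk`.
struct ChunkedStream : SeekableInputStream {
  std::string bytes; size_t pos = 0, chunk;
  ChunkedStream(const std::string& b, size_t c) : bytes(b), chunk(c) {}
  bool Next(const void** data, int* size) override {
    if (pos >= bytes.size()) return false;
    size_t n = std::min(chunk, bytes.size() - pos);
    *data = bytes.data() + pos; *size = static_cast<int>(n); pos += n;
    return true;
  }
};

// Hypothetical hardened variant: a missing stream becomes a ParseError, not a SIGSEGV.
void readFullyChecked(char* buffer, int64_t bufferSize, SeekableInputStream* stream) {
  if (stream == nullptr) throw ParseError("missing stream in readFully");
  int64_t posn = 0;
  while (posn < bufferSize) {
    const void* chunk; int length;
    if (!stream->Next(&chunk, &length)) throw ParseError("bad read in readFully");
    if (length < 0 || posn + length > bufferSize)
      throw ParseError("Corrupt dictionary blob in StringDictionaryColumn");
    std::memcpy(buffer + posn, chunk, static_cast<size_t>(length));  // copy step assumed
    posn += length;
  }
}

// Runs one read and reports "ok" or the ParseError text.
std::string outcome(SeekableInputStream* stream, int64_t size) {
  std::vector<char> buf(static_cast<size_t>(size));
  try { readFullyChecked(buf.data(), size, stream); } catch (const ParseError& e) { return e.what(); }
  return "ok";
}
std::string outcomeFor(const std::string& b, size_t chunk, int64_t size) {
  ChunkedStream s(b, chunk); return outcome(&s, size);
}
int main() {
  std::cout << outcome(nullptr, 10) << "\n" << outcomeFor("0123456789", 4, 10) << "\n";
}
```

With this shape a corrupt file that lacks the expected stream surfaces as a catchable parse error in the caller instead of terminating the process.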
