tanishq-chugh commented on code in PR #5837:
URL: https://github.com/apache/hive/pull/5837#discussion_r2123759801
##########
ql/src/java/org/apache/hadoop/hive/ql/exec/vector/expressions/VectorUDFDayOfWeekString.java:
##########
@@ -49,15 +41,16 @@ public VectorUDFDayOfWeekString() {
@Override
protected long getField(byte[] bytes, int start, int length) throws
ParseException {
- Date date = null;
try {
String decoded = Text.decode(bytes, start, length);
- date = format.parse(decoded);
+ Date date = DateParser.parseDate(decoded.toString());
+ if (date == null) {
+ throw new ParseException("Unable to parse date string: " + decoded, 0);
Review Comment:
Yes, this could have led to a potential CVE. i'll remove the `decoded`
string being exposed in the exception.
Thanks for catching this @okumin !
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org
