abtom87 commented on code in PR #49813:
URL: https://github.com/apache/arrow/pull/49813#discussion_r3132982280
##########
cpp/src/gandiva/precompiled/string_ops.cc:
##########
@@ -1924,9 +1924,19 @@ const char* quote_utf8(gdv_int64 context, const char*
in, gdv_int32 in_len,
*out_len = 0;
return "";
}
+
+ int32_t alloc_length = 0;
+ // Check overflow: 2 * in_len
+ if (ARROW_PREDICT_FALSE(
+ arrow::internal::MultiplyWithOverflow(2, in_len, &alloc_length))) {
+ gdv_fn_context_set_error_msg(context, "Would overflow maximum output
size");
+ *out_len = 0;
+ return "";
+ }
+
// try to allocate double size output string (worst case)
auto out =
- reinterpret_cast<char*>(gdv_fn_context_arena_malloc(context, (in_len *
2) + 2));
+ reinterpret_cast<char*>(gdv_fn_context_arena_malloc(context,
alloc_length + 2));
if (out == nullptr) {
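Review bot: The size passed to `gdv_fn_context_arena_malloc` is still computed as `alloc_length + 2` in unchecked signed 32-bit arithmetic, so the new guard covers the doubling but not the two extra bytes. With `in_len` equal to 1073741823 the multiplication succeeds with 2147483646, and the addition then overflows `int32_t`; that is undefined behaviour and could hand the allocator a negative or wrapped size. Fold the addition into the same guard, for example `MultiplyWithOverflow(2, in_len, &alloc_length) || AddWithOverflow(alloc_length, 2, &alloc_length)`, and pass `alloc_length` alone to the allocator. The body of `quote_utf8` starts and continues outside the hunk, so the code that fills `out` is not visible here; presumably it relies on the full worst-case size, which is why the final length, not just the product, needs the check.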
Review Comment:
[These
lines](https://github.com/apache/arrow/pull/49813/changes#diff-5ff5613d9197d241b143fb7de004908f93104393f67a83e1c20d1ddd39b4a179R1927-R1934)
check for the suggested overflow using the `AddWithOverflow` method.