ASF GitHub Bot commented on ORC-312:

GitHub user stiga-huang opened a pull request:


    ORC-312: fix buffer overflow in corrupt StringDictionaryColumn

    The crash is due to the buffer overflow in orc::readFully which only used 
in StringDictionaryColumnReader currently. The decoded length may larger than 
we expected if the file is corrupt.
    This patch also adds checks for the range of entry indices in 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/stiga-huang/orc fix-mem-corrupt

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #224
commit e3b923ce3924218a3737fbac3a97e7faaa286280
Author: stiga-huang <huangquanlong@...>
Date:   2018-03-03T05:54:35Z

    ORC-312: fix buffer overflow in corrupt StringDictionaryColumn


> C++ Reader crash for corrupt memory
> -----------------------------------
>                 Key: ORC-312
>                 URL: https://issues.apache.org/jira/browse/ORC-312
>             Project: ORC
>          Issue Type: Bug
>          Components: C++
>    Affects Versions: 1.0.0, 1.1.2, 1.2.3, 1.3.4, 1.4.3
>            Reporter: Quanlong Huang
>            Priority: Major
>         Attachments: free_error1.orc, free_error2.orc, origin.orc
> The c++ reader crashes on two corrupt files (see attachments).
> {code}
> $ build/tools/src/orc-scan free_error1.orc 
> Rows: 310
> Batches: 1
> *** Error in `build/tools/src/orc-scan': free(): invalid next size (normal): 
> 0x0000000001564170 ***
> Aborted (core dumped)
> $ build/tools/src/orc-scan free_error2.orc 
> *** Error in `build/tools/src/orc-scan': free(): invalid next size (normal): 
> 0x0000000001906170 ***
> Aborted (core dumped)
> {code}

This message was sent by Atlassian JIRA

Reply via email to