[jira] [Assigned] (ORC-591) orc::readFully crash due to null pointer variable

[Quanlong Huang (Jira)]

     [ 
https://issues.apache.org/jira/browse/ORC-591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Quanlong Huang reassigned ORC-591:
----------------------------------

    Assignee: Quanlong Huang

> orc::readFully crash due to null pointer variable
> -------------------------------------------------
>
>                 Key: ORC-591
>                 URL: https://issues.apache.org/jira/browse/ORC-591
>             Project: ORC
>          Issue Type: Bug
>          Components: C++
>            Reporter: Quanlong Huang
>            Assignee: Quanlong Huang
>            Priority: Major
>         Attachments: alltypes_uncompressed_corrupt.orc
>
>
> orc::readFully() could crash due to null pointer of stream variable. 
> Reproduce by using orc-scan to read the attached corrupt orc file.
> {code}
> Program received signal SIGSEGV, Segmentation fault.
> orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at 
> /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
> 522         if (!stream->Next(&chunk, &length)) {
> (gdb) bt
> #0  orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at 
> /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
> #1  0x00000000005f6c14 in 
> orc::StringDictionaryColumnReader::StringDictionaryColumnReader 
> (this=this@entry=0xb0ebc0, type=..., stripe=...) at 
> /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:596
> #2  0x00000000005f70bb in orc::buildReader (type=..., stripe=...) at 
> /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1756
> #3  0x00000000005f722b in orc::StructColumnReader::StructColumnReader 
> (this=this@entry=0xb0d7c0, type=..., stripe=...) at 
> /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:876
> #4  0x00000000005f701b in orc::buildReader (type=..., stripe=...) at 
> /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1787
> #5  0x000000000059fd18 in orc::RowReaderImpl::startNextStripe (this=0xae3060) 
> at /home/quanlong/workspace/orc/c++/src/Reader.cc:917
> #6  0x00000000005a016a in orc::RowReaderImpl::next (this=0xae3060, data=...) 
> at /home/quanlong/workspace/orc/c++/src/Reader.cc:932
> #7  0x0000000000597a78 in scanFile (out=..., filename=<optimized out>, 
> batchSize=batchSize@entry=1024) at 
> /home/quanlong/workspace/orc/tools/src/FileScan.cc:39
> #8  0x00000000005972f8 in main (argc=1, argv=<optimized out>) at 
> /home/quanlong/workspace/orc/tools/src/FileScan.cc:84
> (gdb) l
> 517     void readFully(char* buffer, int64_t bufferSize, SeekableInputStream* 
> stream) {
> 518       int64_t posn = 0;
> 519       while (posn < bufferSize) {
> 520         const void* chunk;
> 521         int length;
> 522         if (!stream->Next(&chunk, &length)) {
> 523           throw ParseError("bad read in readFully");
> 524         }
> 525         if (posn + length > bufferSize) {
> 526           throw ParseError("Corrupt dictionary blob in 
> StringDictionaryColumn");
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)