[jira] [Resolved] (ORC-2161) [C++] UnionColumnReader should reject out-of-range union tags

Gang Wu (Jira) Thu, 07 May 2026 02:48:43 -0700


     [ 
https://issues.apache.org/jira/browse/ORC-2161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Gang Wu resolved ORC-2161.
--------------------------
    Fix Version/s: 2.2.3
                   2.3.1
       Resolution: Fixed

> [C++] UnionColumnReader should reject out-of-range union tags
> -------------------------------------------------------------
>
>                 Key: ORC-2161
>                 URL: https://issues.apache.org/jira/browse/ORC-2161
>             Project: ORC
>          Issue Type: Bug
>            Reporter: Gang Wu
>            Assignee: Gang Wu
>            Priority: Major
>             Fix For: 2.2.3, 2.3.1
>
>
> The C++ UnionColumnReader trusts union tag bytes decoded from the ORC DATA 
> stream and uses them directly as indexes into per-child count arrays. For 
> malformed ORC files, a union tag value greater than or equal to the number of 
> union children causes out-of-bounds access instead of reporting invalid input.
> This affects:
>  * UnionColumnReader::skip()
>  * UnionColumnReader::nextInternal()
>  * UnionColumnPrinter::printRow() has the same unchecked tag dispatch pattern
> The reader should validate each non-null union tag against 
> type.getSubtypeCount() and throw ParseError when the tag is invalid.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (ORC-2161) [C++] UnionColumnReader should reject out-of-range union tags

Reply via email to