[ https://issues.apache.org/jira/browse/ORC-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hao Zou reassigned ORC-2167:
----------------------------
Assignee: Hao Zou
> Integer Overflow in PostScript Footer Length Validation Causes Crash
> ---------------------------------------------------------------------
>
> Key: ORC-2167
> URL: https://issues.apache.org/jira/browse/ORC-2167
> Project: ORC
> Issue Type: Improvement
> Components: C++, Format
> Reporter: Hao Zou
> Assignee: Hao Zou
> Priority: Major
>
> When parsing an ORC file with an extremely large footer_length value in the
> PostScript (e.g., UINT64_MAX), the C++ reader crashes with SIGBUS due to an
> integer overflow in the bounds check.
> The check fileLength_ < metadataSize + footerLength + postscriptLength_ + 1
> uses unsigned addition that can overflow. When footerLength is near
> UINT64_MAX, the sum wraps around to a small value, bypassing the validation.
> Subsequently, the metadataStart calculation also overflows, leading to an
> invalid offset and memory access violation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
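
The wrap-around described in the issue, shown next to an overflow-safe form of the same bounds check. This is an added example, not code from the ORC project or from the reporter. The function names, the sample values and the tail layout (metadata, footer, postscript, one length byte) are assumptions inferred from the terms of the quoted check.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>

// Form of the check quoted in the issue. The unsigned sum can wrap past
// UINT64_MAX, so a huge footerLength makes the tail look like it fits.
bool tailFitsNaive(uint64_t fileLength, uint64_t metadataSize,
                   uint64_t footerLength, uint64_t postscriptLength) {
  return !(fileLength < metadataSize + footerLength + postscriptLength + 1);
}

// Hypothetical hardened helper: never add untrusted lengths together.
// Each length is compared against the bytes still unclaimed and then
// subtracted, so no intermediate value can wrap.
// Assumed layout: [... metadata | footer | postscript | 1 length byte].
bool metadataStartChecked(uint64_t fileLength, uint64_t metadataSize,
                          uint64_t footerLength, uint64_t postscriptLength,
                          uint64_t* metadataStart) {
  if (fileLength < 1) return false;
  uint64_t remaining = fileLength - 1;  // trailing postscript-length byte
  for (uint64_t len : {postscriptLength, footerLength, metadataSize}) {
    if (len > remaining) return false;  // section larger than what is left
    remaining -= len;
  }
  *metadataStart = remaining;  // offset of the first metadata byte
  return true;
}

int main() {
  // Constructed sample values, not taken from a real ORC file.
  const uint64_t fileLength = 1000, metadataSize = 50, postscriptLength = 20;
  uint64_t start = 0;
  for (uint64_t footerLength : {uint64_t{100}, UINT64_MAX}) {
    bool naive = tailFitsNaive(fileLength, metadataSize, footerLength, postscriptLength);
    bool safe = metadataStartChecked(fileLength, metadataSize, footerLength, postscriptLength, &start);
    std::printf("footerLength=%llu naive=%s checked=%s\n",
                (unsigned long long)footerLength,
                naive ? "accept" : "reject", safe ? "accept" : "reject");
  }
  return 0;
}
```

With footerLength set to UINT64_MAX the naive sum wraps to 70, so the 1000-byte file passes the naive check while the subtraction-based check rejects it.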