[GitHub] orc pull request #309: ORC-403: [C++] Add checks to avoid negative offsets i...
GitHub user stiga-huang opened a pull request:

    https://github.com/apache/orc/pull/309

    ORC-403: [C++] Add checks to avoid negative offsets in InputStream

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/stiga-huang/orc check-offsets

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/orc/pull/309.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #309

commit 3a0e6ebc149375e424ef8d8155a774a910875a83
Author: stiga-huang
Date: 2018-09-15T07:35:22Z

    ORC-403: [C++] Add checks to avoid negative offset in InputStream

---
[jira] [Created] (ORC-403) Should check PostScript length before serializing it
Quanlong Huang created ORC-403:
--

Summary: Should check PostScript length before serializing it
Key: ORC-403
URL: https://issues.apache.org/jira/browse/ORC-403
Project: ORC
Issue Type: Bug
Components: C++
Reporter: Quanlong Huang
Assignee: Quanlong Huang

A malformed ORC file may have a postscript length larger than the file size, which causes orc::readPostscript to read unexpected data.

{code}
std::unique_ptr<proto::PostScript> postscript =
    std::unique_ptr<proto::PostScript>(new proto::PostScript());
// No bounds check: if postscriptSize exceeds readSize - 1, the start
// pointer lands outside the buffer.
if (!postscript->ParseFromArray(ptr + readSize - 1 - postscriptSize,
                                static_cast<int>(postscriptSize))) {
  throw ParseError("Failed to parse the postscript from " + stream->getName());
}
{code}

We should make sure readSize - 1 - postscriptSize >= 0.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
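
An added example, not code from the ORC project or from the report: it evaluates the offset expression quoted in ORC-403 and shows a check that compares before subtracting. The helper names are hypothetical, and it assumes readSize and postscriptSize are unsigned 64-bit values, in which case a ">= 0" test on the subtraction result can never fail.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>

// Hypothetical helpers for illustration; not functions from the ORC code base.
// Assumption: readSize and postscriptSize are unsigned 64-bit values.

// The offset expression from the report, evaluated as written. With unsigned
// operands an oversized postscriptSize wraps around instead of going negative.
uint64_t uncheckedOffset(uint64_t readSize, uint64_t postscriptSize) {
  return readSize - 1 - postscriptSize;
}

// Validate before subtracting. On success stores the postscript's offset
// inside the buffer and returns true; returns false when the declared length
// cannot fit in the data that was read.
bool checkedOffset(uint64_t readSize, uint64_t postscriptSize, uint64_t* offset) {
  if (readSize == 0) return false;                  // nothing read at all
  if (postscriptSize > readSize - 1) return false;  // longer than the data read
  // ParseFromArray takes an int size, so reject lengths the cast would mangle.
  if (postscriptSize > static_cast<uint64_t>(INT_MAX)) return false;
  *offset = readSize - 1 - postscriptSize;
  return true;
}

int main() {
  // Constructed cases: {readSize, postscriptSize}
  const uint64_t cases[][2] = {{100, 23}, {100, 99}, {100, 100}, {10, 255}, {0, 0}};
  for (const auto& c : cases) {
    uint64_t off = 0;
    if (checkedOffset(c[0], c[1], &off)) {
      std::printf("readSize=%llu postscriptSize=%llu -> offset %llu\n",
                  static_cast<unsigned long long>(c[0]),
                  static_cast<unsigned long long>(c[1]),
                  static_cast<unsigned long long>(off));
    } else {
      std::printf("readSize=%llu postscriptSize=%llu -> rejected "
                  "(unchecked expression yields %llu)\n",
                  static_cast<unsigned long long>(c[0]),
                  static_cast<unsigned long long>(c[1]),
                  static_cast<unsigned long long>(uncheckedOffset(c[0], c[1])));
    }
  }
  return 0;
}
```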