[GitHub] orc pull request #309: ORC-403: [C++] Add checks to avoid negative offsets i...

2018-09-15 Thread stiga-huang
GitHub user stiga-huang opened a pull request:

https://github.com/apache/orc/pull/309

ORC-403: [C++] Add checks to avoid negative offsets in InputStream



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/stiga-huang/orc check-offsets

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/orc/pull/309.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #309


commit 3a0e6ebc149375e424ef8d8155a774a910875a83
Author: stiga-huang 
Date:   2018-09-15T07:35:22Z

ORC-403: [C++] Add checks to avoid negative offset in InputStream




---


[jira] [Created] (ORC-403) Should check PostScript length before serializing it

2018-09-15 Thread Quanlong Huang (JIRA)
Quanlong Huang created ORC-403:
--

 Summary: Should check PostScript length before serializing it
 Key: ORC-403
 URL: https://issues.apache.org/jira/browse/ORC-403
 Project: ORC
  Issue Type: Bug
  Components: C++
Reporter: Quanlong Huang
Assignee: Quanlong Huang


A malformed ORC file may have a postscript length larger than the file size, 
which causes orc::readPostscript to read unexpected data.
{code}
std::unique_ptr<proto::PostScript> postscript =
  std::unique_ptr<proto::PostScript>(new proto::PostScript());
if (!postscript->ParseFromArray(ptr + readSize - 1 - postscriptSize,
                                static_cast<int>(postscriptSize))) {
  throw ParseError("Failed to parse the postscript from " +
                   stream->getName());
}
{code}
We should make sure readSize - 1 - postscriptSize >= 0.



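The check the issue asks for, as an added example that is not the ORC project's code or the patch in pull request #309. `PostscriptSpan`, `locatePostscript` and `rejects` are hypothetical names, the sample tails are constructed, and the sizes are assumed to be unsigned 64-bit, which is why the comparison is made before the subtraction instead of testing the difference against zero.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical helper (not an ORC API): where the serialized PostScript
// sits inside the tail bytes read from the end of a file.
struct PostscriptSpan {
  const char* data;
  uint64_t size;
};

PostscriptSpan locatePostscript(const char* ptr, uint64_t readSize) {
  if (readSize < 1) {
    throw std::runtime_error("no room for the postscript length byte");
  }
  // The final byte of an ORC file holds the PostScript length.
  uint64_t postscriptSize = static_cast<unsigned char>(ptr[readSize - 1]);
  // Assumption: sizes are unsigned, so "readSize - 1 - postscriptSize >= 0"
  // is always true after wrap-around. Compare before subtracting instead.
  if (postscriptSize > readSize - 1) {
    throw std::runtime_error(
        "postscript length " + std::to_string(postscriptSize) +
        " exceeds the " + std::to_string(readSize - 1) + " bytes before it");
  }
  return {ptr + (readSize - 1 - postscriptSize), postscriptSize};
}

// True when the tail is rejected as malformed.
bool rejects(const std::vector<char>& tail) {
  try {
    locatePostscript(tail.data(), tail.size());
    return false;
  } catch (const std::runtime_error&) {
    return true;
  }
}

int main() {
  // Constructed tails, not taken from real ORC files.
  std::vector<char> good = {'x', 'P', 'S', '!', 3};  // 3-byte postscript
  std::vector<char> bad = {'P', 'S', '\xC8'};        // claims 200 bytes
  PostscriptSpan span = locatePostscript(good.data(), good.size());
  std::cout << "good: offset " << (span.data - good.data()) << ", size "
            << span.size << "\n";
  std::cout << "bad rejected: " << std::boolalpha << rejects(bad) << "\n";
  return 0;
}
```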