drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Rogers (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-5162) Overflow error in variable-length vector setSafe method
Date Sat, 24 Dec 2016 20:53:58 GMT
Paul Rogers created DRILL-5162:
----------------------------------

             Summary: Overflow error in variable-length vector setSafe method
                 Key: DRILL-5162
                 URL: https://issues.apache.org/jira/browse/DRILL-5162
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.8.0
            Reporter: Paul Rogers
            Assignee: Paul Rogers
            Priority: Minor


The variable-length vectors {{setSafe()}} contains an off-by-one error that causes an {{IndexOutOfBoundsException}}.
Consider the current code (as generated for {{VarCharVector}}):

{code}
    public void setSafe(int index, byte[] bytes) {
      assert index >= 0;

      final int currentOffset = offsetVector.getAccessor().get(index);
      while (data.capacity() < currentOffset + bytes.length) {
        reAlloc();
      }
      offsetVector.getMutator().setSafe(index + 1, currentOffset + bytes.length);
      data.setBytes(currentOffset, bytes, 0, bytes.length);
    }
{code}

Suppose the vector has capacity. The {{while}} statement does nothing. The {{setSafe}} method
is called to extend the offset vector if needed and set the value. Then we set the data in
the data vector. All good.

Suppose the vector is empty. The offset vector is also empty. Look carefully at what happens.
The call to {{offsetVector.getAccessor().get(index)}} requests the offset at index 0. But,
there is no such index; the offset vector is empty. The result is an index-out-of-bounds exception.

The same problem can occur if the offset vector has capacity for n values and we try to write
the n+1st value.

Since this is a "safe" method, expected the variable length vector to safely extend the offset
vector as well as the data vector.

This is a minor severity because, evidently, no code uses this path and so no existing code
found this error. It was discovered in attempting to extend the mock data generator.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message