orc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stiga-huang <...@git.apache.org>
Subject [GitHub] orc pull request #224: ORC-312: fix buffer overflow in corrupt StringDiction...
Date Sat, 03 Mar 2018 06:05:27 GMT
GitHub user stiga-huang opened a pull request:

    https://github.com/apache/orc/pull/224

    ORC-312: fix buffer overflow in corrupt StringDictionaryColumn

    The crash is due to the buffer overflow in orc::readFully which only used in StringDictionaryColumnReader
currently. The decoded length may larger than we expected if the file is corrupt.
    
    This patch also adds checks for the range of entry indices in StringDictionaryColumnReader::next.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/stiga-huang/orc fix-mem-corrupt

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/orc/pull/224.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #224
    
----
commit e3b923ce3924218a3737fbac3a97e7faaa286280
Author: stiga-huang <huangquanlong@...>
Date:   2018-03-03T05:54:35Z

    ORC-312: fix buffer overflow in corrupt StringDictionaryColumn

----


---

Mime
View raw message