Posted to issues@drill.apache.org by "Paul Rogers (JIRA)" <ji...@apache.org> on 2016/12/24 20:53:58 UTC

[jira] [Created] (DRILL-5162) Overflow error in variable-length vector setSafe method

Paul Rogers created DRILL-5162:
----------------------------------

             Summary: Overflow error in variable-length vector setSafe method
                 Key: DRILL-5162
                 URL: https://issues.apache.org/jira/browse/DRILL-5162
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.8.0
            Reporter: Paul Rogers
            Assignee: Paul Rogers
            Priority: Minor


The variable-length vectors' {{setSafe()}} method contains an off-by-one error that causes an {{IndexOutOfBoundsException}}. Consider the current code (as generated for {{VarCharVector}}):

{code}
    public void setSafe(int index, byte[] bytes) {
      assert index >= 0;

      final int currentOffset = offsetVector.getAccessor().get(index);
      while (data.capacity() < currentOffset + bytes.length) {
        reAlloc();
      }
      offsetVector.getMutator().setSafe(index + 1, currentOffset + bytes.length);
      data.setBytes(currentOffset, bytes, 0, bytes.length);
    }
{code}

Suppose the vector has capacity. The {{while}} statement does nothing. The {{setSafe}} method is called to extend the offset vector if needed and set the value. Then we set the data in the data vector. All good.

Suppose the vector is empty. The offset vector is also empty. Look carefully at what happens. The call to {{offsetVector.getAccessor().get(index)}} requests the offset at index 0. But, there is no such index; the offset vector is empty. The result is an index-out-of-bounds exception.

The same problem can occur if the offset vector has capacity for n values and we try to write the n+1st value.

Since this is a "safe" method, I expected the variable-length vector to safely extend the offset vector as well as the data vector.

This is of minor severity because, evidently, no code uses this path and so no existing code found this error. It was discovered in attempting to extend the mock data generator.



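The failure described in the report, reproduced on a simplified model, as an added example that is not part of the original message and is not Drill's code. The class {{VarLenVectorSketch}}, its plain-array storage and the method {{setSafeGrowFirst}} are assumptions made for illustration; the grow-first ordering is one possible correction, not the fix the project adopted.

```java
import java.util.Arrays;
// Simplified model (not Drill's classes): int[] offset vector plus byte[] data buffer.
// Assumes values are written in index order, as in the report's scenario.
public class VarLenVectorSketch {
    private int[] offsets = new int[0];   // entry i = start of value i, entry i+1 = its end
    private byte[] data = new byte[0];

    // Mirrors the order of operations quoted in the report: read offsets[index] first.
    public void setSafeAsReported(int index, byte[] bytes) {
        final int currentOffset = offsets[index];   // throws when index >= offsets.length
        growData(currentOffset + bytes.length);
        growOffsets(index + 1);
        offsets[index + 1] = currentOffset + bytes.length;
        System.arraycopy(bytes, 0, data, currentOffset, bytes.length);
    }

    // Hypothetical correction: make room for index + 1 in the offset vector before reading.
    public void setSafeGrowFirst(int index, byte[] bytes) {
        if (index < 0) throw new IndexOutOfBoundsException("index " + index);
        growOffsets(index + 1);
        final int currentOffset = offsets[index];
        final int end = Math.addExact(currentOffset, bytes.length); // reject int wrap-around
        growData(end);
        offsets[index + 1] = end;
        System.arraycopy(bytes, 0, data, currentOffset, bytes.length);
    }

    private void growOffsets(int lastIndex) {
        if (lastIndex >= offsets.length)
            offsets = Arrays.copyOf(offsets, Math.max(lastIndex + 1, offsets.length * 2));
    }

    private void growData(int needed) {
        if (needed > data.length)
            data = Arrays.copyOf(data, Math.max(needed, data.length * 2));
    }

    public static void main(String[] args) {
        byte[] value = "drill".getBytes(java.nio.charset.StandardCharsets.UTF_8); // constructed sample
        try {
            new VarLenVectorSketch().setSafeAsReported(0, value);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("as reported, empty vector: " + e);
        }
        VarLenVectorSketch v = new VarLenVectorSketch();
        v.setSafeGrowFirst(0, value);   // empty vector: offsets grow before the read
        v.setSafeGrowFirst(1, value);   // write past the current offset capacity
        System.out.println("grow-first offsets: " + Arrays.toString(Arrays.copyOf(v.offsets, 3)));
    }
}
```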