You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Paul Rogers (JIRA)" <ji...@apache.org> on 2016/12/24 20:53:58 UTC
[jira] [Created] (DRILL-5162) Overflow error in variable-length
vector setSafe method
Paul Rogers created DRILL-5162:
----------------------------------
Summary: Overflow error in variable-length vector setSafe method
Key: DRILL-5162
URL: https://issues.apache.org/jira/browse/DRILL-5162
Project: Apache Drill
Issue Type: Bug
Affects Versions: 1.8.0
Reporter: Paul Rogers
Assignee: Paul Rogers
Priority: Minor
The variable-length vectors {{setSafe()}} contains an off-by-one error that causes an {{IndexOutOfBoundsException}}. Consider the current code (as generated for {{VarCharVector}}):
{code}
public void setSafe(int index, byte[] bytes) {
assert index >= 0;
final int currentOffset = offsetVector.getAccessor().get(index);
while (data.capacity() < currentOffset + bytes.length) {
reAlloc();
}
offsetVector.getMutator().setSafe(index + 1, currentOffset + bytes.length);
data.setBytes(currentOffset, bytes, 0, bytes.length);
}
{code}
Suppose the vector has capacity. The {{while}} statement does nothing. The {{setSafe}} method is called to extend the offset vector if needed and set the value. Then we set the data in the data vector. All good.
Suppose the vector is empty. The offset vector is also empty. Look carefully at what happens. The call to {{offsetVector.getAccessor().get(index)}} requests the offset at index 0. But, there is no such index; the offset vector is empty. The result is an index-out-of-bounds exception.
The same problem can occur if the offset vector has capacity for n values and we try to write the n+1st value.
Since this is a "safe" method, expected the variable length vector to safely extend the offset vector as well as the data vector.
This is a minor severity because, evidently, no code uses this path and so no existing code found this error. It was discovered in attempting to extend the mock data generator.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)