Posted to issues@orc.apache.org by "Quanlong Huang (Jira)" <ji...@apache.org> on 2020/01/19 11:25:00 UTC

[jira] [Assigned] (ORC-591) orc::readFully crash due to null pointer variable

     [ https://issues.apache.org/jira/browse/ORC-591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Quanlong Huang reassigned ORC-591:
----------------------------------

    Assignee: Quanlong Huang

> orc::readFully crash due to null pointer variable
> -------------------------------------------------
>
>                 Key: ORC-591
>                 URL: https://issues.apache.org/jira/browse/ORC-591
>             Project: ORC
>          Issue Type: Bug
>          Components: C++
>            Reporter: Quanlong Huang
>            Assignee: Quanlong Huang
>            Priority: Major
>         Attachments: alltypes_uncompressed_corrupt.orc
>
>
> orc::readFully() could crash due to null pointer of stream variable. Reproduce by using orc-scan to read the attached corrupt orc file.
> {code}
> Program received signal SIGSEGV, Segmentation fault.
> orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
> 522	      if (!stream->Next(&chunk, &length)) {
> (gdb) bt
> #0  orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
> #1  0x00000000005f6c14 in orc::StringDictionaryColumnReader::StringDictionaryColumnReader (this=this@entry=0xb0ebc0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:596
> #2  0x00000000005f70bb in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1756
> #3  0x00000000005f722b in orc::StructColumnReader::StructColumnReader (this=this@entry=0xb0d7c0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:876
> #4  0x00000000005f701b in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1787
> #5  0x000000000059fd18 in orc::RowReaderImpl::startNextStripe (this=0xae3060) at /home/quanlong/workspace/orc/c++/src/Reader.cc:917
> #6  0x00000000005a016a in orc::RowReaderImpl::next (this=0xae3060, data=...) at /home/quanlong/workspace/orc/c++/src/Reader.cc:932
> #7  0x0000000000597a78 in scanFile (out=..., filename=<optimized out>, batchSize=batchSize@entry=1024) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:39
> #8  0x00000000005972f8 in main (argc=1, argv=<optimized out>) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:84
> (gdb) l
> 517	  void readFully(char* buffer, int64_t bufferSize, SeekableInputStream* stream) {
> 518	    int64_t posn = 0;
> 519	    while (posn < bufferSize) {
> 520	      const void* chunk;
> 521	      int length;
> 522	      if (!stream->Next(&chunk, &length)) {
> 523	        throw ParseError("bad read in readFully");
> 524	      }
> 525	      if (posn + length > bufferSize) {
> 526	        throw ParseError("Corrupt dictionary blob in StringDictionaryColumn");
> {code}



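An added example, not the ORC project's code or its fix for this issue: a self-contained version of the loop in the listing above with the stream pointer validated before its first use, so a stream that a corrupt file leaves missing surfaces as a `ParseError` instead of a SIGSEGV. `ChunkStream`, `readFullyChecked`, `tryRead`, the "missing stream" message and the copy step (the listing ends before it) are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

struct ParseError : std::runtime_error {
  using std::runtime_error::runtime_error;
};

// Hypothetical stand-in for the stream type; it only mimics the Next() call in the listing.
struct ChunkStream {
  std::vector<std::string> chunks;  // constructed sample data
  std::size_t idx = 0;
  bool Next(const void** data, int* size) {
    if (idx >= chunks.size()) return false;
    *data = chunks[idx].data();
    *size = static_cast<int>(chunks[idx].size());
    ++idx;
    return true;
  }
};

// Same loop as the listing, with the pointer checked before it is dereferenced.
void readFullyChecked(char* buffer, int64_t bufferSize, ChunkStream* stream) {
  if (stream == nullptr) throw ParseError("missing stream in readFully");
  int64_t posn = 0;
  while (posn < bufferSize) {
    const void* chunk;
    int length;
    if (!stream->Next(&chunk, &length)) {
      throw ParseError("bad read in readFully");
    }
    if (posn + length > bufferSize) {
      throw ParseError("Corrupt dictionary blob in StringDictionaryColumn");
    }
    // Assumed copy step: the listing on the page stops before this point.
    std::memcpy(buffer + posn, chunk, static_cast<std::size_t>(length));
    posn += length;
  }
}

// Returns the ParseError message, or "ok" when the buffer was filled.
std::string tryRead(ChunkStream* stream, int64_t bufferSize) {
  std::vector<char> buf(static_cast<std::size_t>(bufferSize));
  try { readFullyChecked(buf.data(), bufferSize, stream); }
  catch (const ParseError& e) { return e.what(); }
  return "ok";
}
```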