You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@arrow.apache.org by GitBox <gi...@apache.org> on 2022/03/01 15:02:44 UTC
[GitHub] [arrow] pitrou opened a new pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
pitrou opened a new pull request #12532:
URL: https://github.com/apache/arrow/pull/12532
Found by OSS-Fuzz. Should fix the following issue:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44746
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] github-actions[bot] commented on pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#issuecomment-1055586865
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] pitrou commented on a change in pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
pitrou commented on a change in pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#discussion_r818697820
##########
File path: cpp/src/parquet/file_reader.cc
##########
@@ -146,6 +146,10 @@ ::arrow::io::ReadRange ComputeColumnChunkRange(FileMetaData* file_metadata,
int64_t col_length = column_metadata->total_compressed_size();
int64_t col_end;
+ if (col_start < 0 || col_length < 0) {
+ throw ParquetException("Invalid column metadata (corrupt file?)");
Review comment:
I don't think that'd be useful. They are unlikely to arise of a programming error in the writer (how do you get a negative length or file offset?).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] ursabot edited a comment on pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
ursabot edited a comment on pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#issuecomment-1058090424
Benchmark runs are scheduled for baseline = 93b192c7a6ea9ca2d363cd9a345e678915cb3020 and contender = e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2. e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2 is a master commit associated with this PR. Results will be available as each benchmark for each run completes.
Conbench compare runs links:
[Finished :arrow_down:0.0% :arrow_up:0.0%] [ec2-t3-xlarge-us-east-2](https://conbench.ursa.dev/compare/runs/3985081b77d54a04b6bbef15b33840c7...eb2303724460425a808e3b9ce4619c9a/)
[Scheduled] [test-mac-arm](https://conbench.ursa.dev/compare/runs/0429758b21e54b4fa55d85a6fe0178ca...a42571cbf57e4705ab8c4546f32dd1a6/)
[Scheduled] [ursa-i9-9960x](https://conbench.ursa.dev/compare/runs/42bb2b6ea78f47e7abf12b36bc1a2bc3...1a9e2fed6bec4347bf1416a81722a2e8/)
[Scheduled] [ursa-thinkcentre-m75q](https://conbench.ursa.dev/compare/runs/54ff6417e26c4fe28183224e4369ca65...010de900af7e4879bfc03d95839cbe7a/)
Supported benchmarks:
ec2-t3-xlarge-us-east-2: Supported benchmark langs: Python. Runs only benchmarks with cloud = True
test-mac-arm: Supported benchmark langs: C++, Python, R
ursa-i9-9960x: Supported benchmark langs: Python, R, JavaScript
ursa-thinkcentre-m75q: Supported benchmark langs: C++, Java
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] pitrou closed pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
pitrou closed pull request #12532:
URL: https://github.com/apache/arrow/pull/12532
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] ursabot edited a comment on pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
ursabot edited a comment on pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#issuecomment-1058090424
Benchmark runs are scheduled for baseline = 93b192c7a6ea9ca2d363cd9a345e678915cb3020 and contender = e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2. e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2 is a master commit associated with this PR. Results will be available as each benchmark for each run completes.
Conbench compare runs links:
[Finished :arrow_down:0.0% :arrow_up:0.0%] [ec2-t3-xlarge-us-east-2](https://conbench.ursa.dev/compare/runs/3985081b77d54a04b6bbef15b33840c7...eb2303724460425a808e3b9ce4619c9a/)
[Finished :arrow_down:0.34% :arrow_up:0.0%] [test-mac-arm](https://conbench.ursa.dev/compare/runs/0429758b21e54b4fa55d85a6fe0178ca...a42571cbf57e4705ab8c4546f32dd1a6/)
[Finished :arrow_down:0.0% :arrow_up:0.0%] [ursa-i9-9960x](https://conbench.ursa.dev/compare/runs/42bb2b6ea78f47e7abf12b36bc1a2bc3...1a9e2fed6bec4347bf1416a81722a2e8/)
[Finished :arrow_down:0.3% :arrow_up:0.0%] [ursa-thinkcentre-m75q](https://conbench.ursa.dev/compare/runs/54ff6417e26c4fe28183224e4369ca65...010de900af7e4879bfc03d95839cbe7a/)
Supported benchmarks:
ec2-t3-xlarge-us-east-2: Supported benchmark langs: Python. Runs only benchmarks with cloud = True
test-mac-arm: Supported benchmark langs: C++, Python, R
ursa-i9-9960x: Supported benchmark langs: Python, R, JavaScript
ursa-thinkcentre-m75q: Supported benchmark langs: C++, Java
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] ursabot commented on pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
ursabot commented on pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#issuecomment-1058090424
Benchmark runs are scheduled for baseline = 93b192c7a6ea9ca2d363cd9a345e678915cb3020 and contender = e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2. e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2 is a master commit associated with this PR. Results will be available as each benchmark for each run completes.
Conbench compare runs links:
[Scheduled] [ec2-t3-xlarge-us-east-2](https://conbench.ursa.dev/compare/runs/3985081b77d54a04b6bbef15b33840c7...eb2303724460425a808e3b9ce4619c9a/)
[Scheduled] [test-mac-arm](https://conbench.ursa.dev/compare/runs/0429758b21e54b4fa55d85a6fe0178ca...a42571cbf57e4705ab8c4546f32dd1a6/)
[Scheduled] [ursa-i9-9960x](https://conbench.ursa.dev/compare/runs/42bb2b6ea78f47e7abf12b36bc1a2bc3...1a9e2fed6bec4347bf1416a81722a2e8/)
[Scheduled] [ursa-thinkcentre-m75q](https://conbench.ursa.dev/compare/runs/54ff6417e26c4fe28183224e4369ca65...010de900af7e4879bfc03d95839cbe7a/)
Supported benchmarks:
ec2-t3-xlarge-us-east-2: Supported benchmark langs: Python. Runs only benchmarks with cloud = True
test-mac-arm: Supported benchmark langs: C++, Python, R
ursa-i9-9960x: Supported benchmark langs: Python, R, JavaScript
ursa-thinkcentre-m75q: Supported benchmark langs: C++, Java
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] pitrou commented on pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
pitrou commented on pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#issuecomment-1055536998
@tachyonwill FYI
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] emkornfield commented on a change in pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
emkornfield commented on a change in pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#discussion_r818037711
##########
File path: cpp/src/parquet/file_reader.cc
##########
@@ -146,6 +146,10 @@ ::arrow::io::ReadRange ComputeColumnChunkRange(FileMetaData* file_metadata,
int64_t col_length = column_metadata->total_compressed_size();
int64_t col_end;
+ if (col_start < 0 || col_length < 0) {
+ throw ParquetException("Invalid column metadata (corrupt file?)");
Review comment:
maybe include the values?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] ursabot edited a comment on pull request #12532: ARROW-15815: [C++][Parquet] Fix undefined behaviour on invalid input
Posted by GitBox <gi...@apache.org>.
ursabot edited a comment on pull request #12532:
URL: https://github.com/apache/arrow/pull/12532#issuecomment-1058090424
Benchmark runs are scheduled for baseline = 93b192c7a6ea9ca2d363cd9a345e678915cb3020 and contender = e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2. e314d8d0d611c7f9ca7f2fbee174fcea3d0c66f2 is a master commit associated with this PR. Results will be available as each benchmark for each run completes.
Conbench compare runs links:
[Finished :arrow_down:0.0% :arrow_up:0.0%] [ec2-t3-xlarge-us-east-2](https://conbench.ursa.dev/compare/runs/3985081b77d54a04b6bbef15b33840c7...eb2303724460425a808e3b9ce4619c9a/)
[Finished :arrow_down:0.34% :arrow_up:0.0%] [test-mac-arm](https://conbench.ursa.dev/compare/runs/0429758b21e54b4fa55d85a6fe0178ca...a42571cbf57e4705ab8c4546f32dd1a6/)
[Scheduled] [ursa-i9-9960x](https://conbench.ursa.dev/compare/runs/42bb2b6ea78f47e7abf12b36bc1a2bc3...1a9e2fed6bec4347bf1416a81722a2e8/)
[Finished :arrow_down:0.3% :arrow_up:0.0%] [ursa-thinkcentre-m75q](https://conbench.ursa.dev/compare/runs/54ff6417e26c4fe28183224e4369ca65...010de900af7e4879bfc03d95839cbe7a/)
Supported benchmarks:
ec2-t3-xlarge-us-east-2: Supported benchmark langs: Python. Runs only benchmarks with cloud = True
test-mac-arm: Supported benchmark langs: C++, Python, R
ursa-i9-9960x: Supported benchmark langs: Python, R, JavaScript
ursa-thinkcentre-m75q: Supported benchmark langs: C++, Java
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org