You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@orc.apache.org by stiga-huang <gi...@git.apache.org> on 2018/09/15 07:38:13 UTC

[GitHub] orc pull request #309: ORC-403: [C++] Add checks to avoid negative offsets i...

GitHub user stiga-huang opened a pull request:

    https://github.com/apache/orc/pull/309

    ORC-403: [C++] Add checks to avoid negative offsets in InputStream

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/stiga-huang/orc check-offsets

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/orc/pull/309.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #309
    
----
commit 3a0e6ebc149375e424ef8d8155a774a910875a83
Author: stiga-huang <hu...@...>
Date:   2018-09-15T07:35:22Z

    ORC-403: [C++] Add checks to avoid negative offset in InputStream

----


---

[GitHub] orc pull request #309: ORC-403: [C++] Add checks to avoid invalid offsets in...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/orc/pull/309


---

[GitHub] orc pull request #309: ORC-403: [C++] Add checks to avoid invalid offsets in...

Posted by omalley <gi...@git.apache.org>.

Github user omalley commented on a diff in the pull request:

    https://github.com/apache/orc/pull/309#discussion_r218244811
  
    --- Diff: c++/src/Reader.cc ---
    @@ -498,6 +498,12 @@ namespace orc {
           const proto::Stream& stream = currentStripeFooter.streams(i);
           uint64_t length = static_cast<uint64_t>(stream.length());
           if (static_cast<StreamKind>(stream.kind()) == StreamKind::StreamKind_ROW_INDEX) {
    +        if (offset + length > fileLength) {
    --- End diff --
    
    This check is really good, but it would also be nice to check that the stream is within the stripe, although you'd need to pass that in also. We could  pass the whole proto::StripeInformation in.


---

[GitHub] orc pull request #309: ORC-403: [C++] Add checks to avoid invalid offsets in...

Posted by stiga-huang <gi...@git.apache.org>.

Github user stiga-huang commented on a diff in the pull request:

    https://github.com/apache/orc/pull/309#discussion_r218442570
  
    --- Diff: c++/src/Reader.cc ---
    @@ -498,6 +498,12 @@ namespace orc {
           const proto::Stream& stream = currentStripeFooter.streams(i);
           uint64_t length = static_cast<uint64_t>(stream.length());
           if (static_cast<StreamKind>(stream.kind()) == StreamKind::StreamKind_ROW_INDEX) {
    +        if (offset + length > fileLength) {
    --- End diff --
    
    Yes! I'll add more strict checks.


---