You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@arrow.apache.org by "bkietz (via GitHub)" <gi...@apache.org> on 2023/11/15 21:04:27 UTC
[PR] GH-38738: [C++] Check variadic buffer counts in bounds [arrow]
bkietz opened a new pull request, #38740:
URL: https://github.com/apache/arrow/pull/38740
<!--
Thanks for opening a pull request!
If this is your first pull request you can find detailed information on how
to contribute here:
* [New Contributor's Guide](https://arrow.apache.org/docs/dev/developers/guide/step_by_step/pr_lifecycle.html#reviews-and-merge-of-the-pull-request)
* [Contributing Overview](https://arrow.apache.org/docs/dev/developers/overview.html)
If this is not a [minor PR](https://github.com/apache/arrow/blob/main/CONTRIBUTING.md#Minor-Fixes). Could you open an issue for this pull request on GitHub? https://github.com/apache/arrow/issues/new/choose
Opening GitHub issues ahead of time contributes to the [Openness](http://theapacheway.com/open/#:~:text=Openness%20allows%20new%20users%20the,must%20happen%20in%20the%20open.) of the Apache Arrow project.
Then could you also rename the pull request title in the following format?
GH-${GITHUB_ISSUE_ID}: [${COMPONENT}] ${SUMMARY}
or
MINOR: [${COMPONENT}] ${SUMMARY}
In the case of PARQUET issues on JIRA the title also supports:
PARQUET-${JIRA_ISSUE_ID}: [${COMPONENT}] ${SUMMARY}
-->
### Rationale for this change
Invalid variadic buffer counts can cause allocating storage for variadic buffers to fail.
<!--
Why are you proposing this change? If this is already explained clearly in the issue then this section is not needed.
Explaining clearly why changes are proposed helps reviewers understand your changes and offer better suggestions for fixes.
-->
### What changes are included in this PR?
Check variadic buffer counts are valid before they are used as an allocator argument.
<!--
There is no need to duplicate the description in the issue here but it is sometimes worth providing a summary of the individual changes in this PR.
-->
### Are these changes tested?
They pass with the fuzzer testcase.
<!--
We typically require tests for all PRs in order to:
1. Prevent the code from being accidentally broken by subsequent changes
2. Serve as another way to document the expected behavior of the code
If tests are not included in your PR, please explain why (for example, are they covered by existing tests)?
-->
### Are there any user-facing changes?
No
<!--
If there are user-facing changes then we may require documentation to be updated before approving the PR.
-->
<!--
If there are any breaking changes to public APIs, please uncomment the line below and explain which changes are breaking.
-->
<!-- **This PR includes breaking changes to public APIs.** -->
<!--
Please uncomment the line below (and provide explanation) if the changes fix either (a) a security vulnerability, (b) a bug that caused incorrect or invalid data to be produced, or (c) a bug that causes a crash (even when the API contract is upheld). We use this to highlight fixes to issues that may affect users without their knowledge. For this reason, fixing bugs that cause errors don't count, since those are usually obvious.
-->
<!-- **This PR contains a "Critical Fix".** -->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] GH-38738: [C++] Check variadic buffer counts in bounds [arrow]
Posted by "bkietz (via GitHub)" <gi...@apache.org>.
bkietz commented on PR #38740:
URL: https://github.com/apache/arrow/pull/38740#issuecomment-1828139948
fuzz regression file added in https://github.com/apache/arrow-testing/pull/98
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] GH-38738: [C++] Check variadic buffer counts in bounds [arrow]
Posted by "pitrou (via GitHub)" <gi...@apache.org>.
pitrou commented on code in PR #38740:
URL: https://github.com/apache/arrow/pull/38740#discussion_r1403482751
##########
cpp/src/arrow/ipc/reader.cc:
##########
@@ -254,7 +254,12 @@ class ArrayLoader {
if (i >= static_cast<int>(variadic_counts->size())) {
return Status::IOError("variadic_count_index out of range.");
}
- return static_cast<size_t>(variadic_counts->Get(i));
+ int64_t count = variadic_counts->Get(i);
+ if (count < 0 || count > std::numeric_limits<int32_t>::max()) {
+ return Status::IOError(
+ "variadic_count must be represenable as a positive int32_t, got ", count, ".");
Review Comment:
```suggestion
"variadic_count must be representable as a positive int32_t, got ", count, ".");
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] GH-38738: [C++] Check variadic buffer counts in bounds [arrow]
Posted by "pitrou (via GitHub)" <gi...@apache.org>.
pitrou commented on PR #38740:
URL: https://github.com/apache/arrow/pull/38740#issuecomment-1824562466
> Should the fuzzer testcases be added to testing/data/arrow-ipc-stream/ ?
Yes, they should
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] GH-38738: [C++] Check variadic buffer counts in bounds [arrow]
Posted by "conbench-apache-arrow[bot] (via GitHub)" <gi...@apache.org>.
conbench-apache-arrow[bot] commented on PR #38740:
URL: https://github.com/apache/arrow/pull/38740#issuecomment-1829142549
After merging your PR, Conbench analyzed the 5 benchmarking runs that have been run so far on merge-commit 84c15da1997559c37841dc16f9e2c70c643dd9d2.
There were no benchmark performance regressions. 🎉
The [full Conbench report](https://github.com/apache/arrow/runs/19082864912) has more details. It also includes information about 6 possible false positives for unstable benchmarks that are known to sometimes produce them.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] GH-38738: [C++] Check variadic buffer counts in bounds [arrow]
Posted by "bkietz (via GitHub)" <gi...@apache.org>.
bkietz merged PR #38740:
URL: https://github.com/apache/arrow/pull/38740
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [PR] GH-38738: [C++] Check variadic buffer counts in bounds [arrow]
Posted by "bkietz (via GitHub)" <gi...@apache.org>.
bkietz commented on PR #38740:
URL: https://github.com/apache/arrow/pull/38740#issuecomment-1813261479
Should the fuzzer testcases be added to testing/data/arrow-ipc-stream/ ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org