You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/10/15 00:26:00 UTC
[jira] [Commented] (IMPALA-9232) Potential overflow in
SerializeThriftMsg
[ https://issues.apache.org/jira/browse/IMPALA-9232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17214338#comment-17214338 ]
ASF subversion and git services commented on IMPALA-9232:
---------------------------------------------------------
Commit 63c435cac11a623693402a2197efdf3b928bd349 in impala's branch refs/heads/master from Qifan Chen
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=63c435c ]
IMPALA-9232 Potential overflow in serializeThriftMsg
This fix added a sanity check to assure the length of the buffer
holding a serialized object does not go over INT_MAX bytes.
Testing:
1. Unit testing;
2. Ran Core tests successfully.
Change-Id: Ie76028acea84dbe0e88518dae60aaf7e7ca55e9e
Reviewed-on: http://gerrit.cloudera.org:8080/16584
Reviewed-by: Tim Armstrong <ta...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
> Potential overflow in SerializeThriftMsg
> ----------------------------------------
>
> Key: IMPALA-9232
> URL: https://issues.apache.org/jira/browse/IMPALA-9232
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Reporter: Tim Armstrong
> Assignee: Qifan Chen
> Priority: Major
>
> https://github.com/apache/impala/blob/master/be/src/rpc/jni-thrift-util.h#L30 a uint32_t is passed into NewByteArray and SetByteArrayRegion which both take int32_t arguments.
> I think the RETURN_ERROR_IF_EXC checks would likely catch this, but would be good to fix.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org