Posted to dev@avro.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2022/07/25 19:46:00 UTC

[jira] [Created] (AVRO-3587) C: Fix possible heap-buffer-overflow in avro::DataFileReaderBase::readDataBlock()

Martin Tzvetanov Grigorov created AVRO-3587:
-----------------------------------------------

             Summary: C: Fix possible heap-buffer-overflow in avro::DataFileReaderBase::readDataBlock()
                 Key: AVRO-3587
                 URL: https://issues.apache.org/jira/browse/AVRO-3587
             Project: Apache Avro
          Issue Type: Bug
          Components: c
            Reporter: Martin Tzvetanov Grigorov


Fix possible heap-buffer-overflow in avro::DataFileReaderBase::readDataBlock() while reading bad data.
This error was found by stress tests in ClickHouse under address sanitizer: https://github.com/ClickHouse/ClickHouse/issues/33652
Stacktrace:
```
==549==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200037c8cc at pc 0x000034e6e371 bp 0x7fc5a2e97e50 sp 0x7fc5a2e97e48
READ of size 1 at 0x60200037c8cc thread T553 (QueryPipelineEx)
    #0 0x34e6e370 in avro::DataFileReaderBase::readDataBlock() obj-x86_64-linux-gnu/../contrib/avro/lang/c++/impl/DataFile.cc:418:18
    #1 0x34e70485 in avro::DataFileReaderBase::hasMore() obj-x86_64-linux-gnu/../contrib/avro/lang/c++/impl/DataFile.cc:338:9
    ...
```
You can find an example of a corrupted file here: https://drive.google.com/file/d/1pEZk3cbWiPvFCbTnndTO5YbQameZ1Jt2/view?usp=sharing
Reading this corrupted file under address sanitizer leads to heap-buffer-overflow.
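The defect class behind this report is a reader that acts on a block's declared length before checking it against the bytes actually available. As an added illustration (not Avro's code and not the fix for this ticket), the following simplified C++ parser, which assumes the Avro data-block layout of two zig-zag varint longs, the payload and a 16-byte sync marker, rejects a corrupted length instead of reading past the buffer:

```cpp
#include <cstdint>
#include <optional>
#include <stdexcept>
#include <vector>

// Simplified Avro data block (illustrative, not Avro's code): zig-zag varint
// object count, zig-zag varint payload length, payload, 16-byte sync marker.
struct BlockHeader {
    int64_t objectCount;
    int64_t byteLength;
    size_t payloadOffset;  // index of the first payload byte
};
// Decode one zig-zag varint long at pos, advancing pos; throws on truncation.
static int64_t readLong(const std::vector<uint8_t>& buf, size_t& pos) {
    uint64_t raw = 0;
    for (int shift = 0;; shift += 7) {
        if (pos >= buf.size()) throw std::runtime_error("truncated varint");
        if (shift > 63) throw std::runtime_error("varint too long");
        uint8_t b = buf[pos++];
        raw |= static_cast<uint64_t>(b & 0x7f) << shift;
        if ((b & 0x80) == 0) break;
    }
    return static_cast<int64_t>((raw >> 1) ^ (0 - (raw & 1)));
}
// Parse a block header and verify the declared payload plus sync marker fits
// in the remaining bytes before any payload byte is touched; nullopt otherwise.
std::optional<BlockHeader> parseBlockHeader(const std::vector<uint8_t>& buf, size_t pos) {
    try {
        BlockHeader h{};
        h.objectCount = readLong(buf, pos);
        h.byteLength = readLong(buf, pos);
        if (h.objectCount < 0 || h.byteLength < 0) return std::nullopt;
        uint64_t remaining = buf.size() - pos;
        if (remaining < 16 || static_cast<uint64_t>(h.byteLength) > remaining - 16)
            return std::nullopt;  // corrupted length: would read past the buffer
        h.payloadOffset = pos;
        return h;
    } catch (const std::runtime_error&) {
        return std::nullopt;
    }
}
// Constructed sample: count 2, payload "abc", 16-byte sync marker. The corrupted
// variant declares a 1000-byte payload (varint 0xD0 0x0F) that is not present.
std::vector<uint8_t> sampleBlock(bool corrupted) {
    std::vector<uint8_t> b = corrupted ? std::vector<uint8_t>{0x04, 0xD0, 0x0F}
                                       : std::vector<uint8_t>{0x04, 0x06};
    b.insert(b.end(), {0x61, 0x62, 0x63});
    b.insert(b.end(), 16, 0);
    return b;
}
```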



--
This message was sent by Atlassian Jira
(v8.20.10#820010)