[AVRO-3617] [C++] Integer overflow risks with Validator::count_ and Validator::counters_ - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.0
Component/s: c++
Labels:
- pull-request-available
- pull-requests-available

Language:
- C++

Description

In Validator, there seems to be some inconsistency with std::vector<size_t> counters_ and int64_t count_:

Validator::countingSetup converts int64_t to size_t: counters_.push_back(static_cast<size_t>(count_));
Validator::countingAdvance converts size_t to int: int count = --counters_.back();
Validator::unionAdvance converts size_t to int64_t: if (count_ < static_cast<int64_t>(node->leaves()))
Validator::unionAdvance converts int64_t to int and that to size_t: setupOperation(node->leafAt(static_cast<int>(count_)));

I did not verify whether these integers can actually grow so high that overflow is possible. Nevertheless, it would be safest to use integer types consistently.

(Originally posted as https://github.com/apache/avro/pull/1836#issuecomment-1225303643.)

Attachments

Issue Links

Is contained by

AVRO-4019 [C++] Correct signedness of validator methods

Resolved

links to

GitHub Pull Request #1852

Activity

People

Assignee:: Unassigned

Reporter:: Kalle Niemitalo

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Aug/22 07:42

Updated:: 30/Jul/24 06:38

Resolved:: 30/Jul/24 06:38

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2.5h