[IMPALA-6844] Fix possible NULL dereference in to_date() builtin - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: Impala 2.9.0, Impala 2.10.0, Impala 2.11.0
Fix Version/s: Impala 3.1.0
Component/s: Backend
Labels:
- crash
- newbie

Target Version:

Impala 2.13.0, Impala 3.1.0
Epic Color:
ghx-label-5

Description

If result.ptr allocation fails for some reason inside the StringVal constructor, we still overwrite result.len and continue.

StringVal TimestampFunctions::ToDate(FunctionContext* context,
const TimestampVal& ts_val) {
if (ts_val.is_null) return StringVal::null();
const TimestampValue ts_value = TimestampValue::FromTimestampVal(ts_val);
// Defensively, return NULL if the timestamp does not have a date portion. Some of
// our built-in functions might incorrectly return such a malformed timestamp.
if (!ts_value.HasDate()) return StringVal::null();
StringVal result(context, 10);
result.len = 10;
// Fill in year, month, and day.
IntToChar(result.ptr, ts_value.date().year(), 4);  <-----
IntToChar(result.ptr + 5, ts_value.date().month(), 2);
IntToChar(result.ptr + 8, ts_value.date().day(), 2);
// Fill in dashes.
result.ptr[7] = '-';
result.ptr[4] = '-';
return result;
}

Attachments

Activity

People

Assignee:: Vincent Tran

Reporter:: Bharath Vissapragada

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 12/Apr/18 21:59

Updated:: 27/Aug/18 15:43

Resolved:: 27/Aug/18 12:35