Uploaded image for project: 'ORC'
  1. ORC
  2. ORC-591

orc::readFully crash due to null pointer variable

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.7.0
    • C++
    • None

    Description

      orc::readFully() could crash due to null pointer of stream variable. Reproduce by using orc-scan to read the attached corrupt orc file.

      Program received signal SIGSEGV, Segmentation fault.
orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
522	      if (!stream->Next(&chunk, &length)) {
(gdb) bt
#0  orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
#1  0x00000000005f6c14 in orc::StringDictionaryColumnReader::StringDictionaryColumnReader (this=this@entry=0xb0ebc0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:596
#2  0x00000000005f70bb in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1756
#3  0x00000000005f722b in orc::StructColumnReader::StructColumnReader (this=this@entry=0xb0d7c0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:876
#4  0x00000000005f701b in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1787
#5  0x000000000059fd18 in orc::RowReaderImpl::startNextStripe (this=0xae3060) at /home/quanlong/workspace/orc/c++/src/Reader.cc:917
#6  0x00000000005a016a in orc::RowReaderImpl::next (this=0xae3060, data=...) at /home/quanlong/workspace/orc/c++/src/Reader.cc:932
#7  0x0000000000597a78 in scanFile (out=..., filename=<optimized out>, batchSize=batchSize@entry=1024) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:39
#8  0x00000000005972f8 in main (argc=1, argv=<optimized out>) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:84
(gdb) l
517	  void readFully(char* buffer, int64_t bufferSize, SeekableInputStream* stream) {
518	    int64_t posn = 0;
519	    while (posn < bufferSize) {
520	      const void* chunk;
521	      int length;
522	      if (!stream->Next(&chunk, &length)) {
523	        throw ParseError("bad read in readFully");
524	      }
525	      if (posn + length > bufferSize) {
526	        throw ParseError("Corrupt dictionary blob in StringDictionaryColumn");

      Attachments

        1. alltypes_uncompressed_corrupt.orc
          169 kB
          Quanlong Huang

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. IMPALA-9306 HdfsOrcScanner crashes in orc::readFully

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved
          links to

          Web Link GitHub Pull Request #471

          Activity

            People

              stigahuang Quanlong Huang
              stigahuang Quanlong Huang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m