Uploaded image for project: 'ORC'
  1. ORC
  2. ORC-591

orc::readFully crash due to null pointer variable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.7.0
    • C++
    • None

    Description

      orc::readFully() could crash due to null pointer of stream variable. Reproduce by using orc-scan to read the attached corrupt orc file.

      Program received signal SIGSEGV, Segmentation fault.
      orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
      522	      if (!stream->Next(&chunk, &length)) {
      (gdb) bt
      #0  orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
      #1  0x00000000005f6c14 in orc::StringDictionaryColumnReader::StringDictionaryColumnReader (this=this@entry=0xb0ebc0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:596
      #2  0x00000000005f70bb in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1756
      #3  0x00000000005f722b in orc::StructColumnReader::StructColumnReader (this=this@entry=0xb0d7c0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:876
      #4  0x00000000005f701b in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1787
      #5  0x000000000059fd18 in orc::RowReaderImpl::startNextStripe (this=0xae3060) at /home/quanlong/workspace/orc/c++/src/Reader.cc:917
      #6  0x00000000005a016a in orc::RowReaderImpl::next (this=0xae3060, data=...) at /home/quanlong/workspace/orc/c++/src/Reader.cc:932
      #7  0x0000000000597a78 in scanFile (out=..., filename=<optimized out>, batchSize=batchSize@entry=1024) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:39
      #8  0x00000000005972f8 in main (argc=1, argv=<optimized out>) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:84
      (gdb) l
      517	  void readFully(char* buffer, int64_t bufferSize, SeekableInputStream* stream) {
      518	    int64_t posn = 0;
      519	    while (posn < bufferSize) {
      520	      const void* chunk;
      521	      int length;
      522	      if (!stream->Next(&chunk, &length)) {
      523	        throw ParseError("bad read in readFully");
      524	      }
      525	      if (posn + length > bufferSize) {
      526	        throw ParseError("Corrupt dictionary blob in StringDictionaryColumn");
      

      Attachments

        1. alltypes_uncompressed_corrupt.orc
          169 kB
          Quanlong Huang

        Issue Links

          Activity

            githubbot ASF GitHub Bot logged work - 19/Jan/20 11:53
            • Time Spent:
              10m
               
              stiga-huang commented on pull request #471: ORC-591: [C++] Check missing blob stream for StringDictionaryColumnReader
              URL: https://github.com/apache/orc/pull/471
               
               
                 
               
              ----------------------------------------------------------------
              This is an automated message from the Apache Git Service.
              To respond to the message, please log on to GitHub and use the
              URL above to go to the specific comment.
               
              For queries about this service, please contact Infrastructure at:
              users@infra.apache.org
            githubbot ASF GitHub Bot logged work - 20/Jan/20 08:08
            • Time Spent:
              10m
               
              wgtmac commented on pull request #471: ORC-591: [C++] Check missing blob stream for StringDictionaryColumnReader
              URL: https://github.com/apache/orc/pull/471
               
               
                 
               
              ----------------------------------------------------------------
              This is an automated message from the Apache Git Service.
              To respond to the message, please log on to GitHub and use the
              URL above to go to the specific comment.
               
              For queries about this service, please contact Infrastructure at:
              users@infra.apache.org

            People

              stigahuang Quanlong Huang
              stigahuang Quanlong Huang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m