[AVRO-2220] std::bad_alloc when String or Bytes field has a negative length - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.9.0
Component/s: c++
Labels:
None

Description

Attached is a sample file created by our Fuzzer running on the C++ library that causes an std::bad_alloc due to the string or byte field having an invalid negative integer length. The fix is trivial I'll send out a PR soon but it's something like:

void BinaryDecoder::decodeString(std::string& value)
{
 // Preserve the sign to avoid allocating memory if len is negative.
 ssize_t len = decodeInt();
 if (len < 0) {
 throw Exception(
 boost::format("Cannot have a string of negative length: %1%") % len);
 }
 value.resize(len);
 if (len > 0) {
 in_.readBytes(reinterpret_cast<uint8_t*>(&value[0]), len);
 }
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

poc-18e554fc65b937059584f21805da4b598f2266290f19d764da2c30ca1c829d0a (3)
11/Sep/18 20:45
62 kB
Victor Mota

Issue Links

is a clone of

AVRO-2219 std::bad_alloc when String or Bytes field has a negative length

Resolved

links to

GitHub Pull Request #339

Activity

People

Assignee:: Victor Mota

Reporter:: Victor Mota

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 11/Sep/18 20:45

Updated:: 28/Dec/18 16:22

Resolved:: 02/Oct/18 17:25