[AVRO-1237] Avro-C segfaults when union discriminant out of bounds - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.7.6
Component/s: c
Labels:
None
Environment:

Avro-C 1.7.2
Ubuntu 12.04 x86_64

Description

libavro will segfault when decrypting a specially crafted (or corrupted) avro file when the discriminant is out of bounds.
There is already a check for < 0, but there is no upper bounds check.

I have attached a patch that checks the bounds.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-Check-union-discriminant-bounds-in-both-directions.patch
01/Feb/13 05:38
2 kB
Michael Cooper
0001-Test-case-for-AVRO-1237.patch
13/Feb/13 14:29
5 kB
Douglas Creager
avro-1237-bad-union-discriminant.avro
13/Feb/13 14:29
0.1 kB
Douglas Creager
avro-1237-good.avro
13/Feb/13 14:29
0.1 kB
Douglas Creager
0001-AVRO-1237.-C-Verify-union-discriminant-when-reading-.patch
26/Jul/13 13:22
7 kB
Douglas Creager

Activity

People

Assignee:: Unassigned

Reporter:: Michael Cooper

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 01/Feb/13 05:36

Updated:: 11/Feb/14 04:54

Resolved:: 18/Dec/13 13:32