[AVRO-3587] C: Fix possible heap-buffer-overflow in avro::DataFileReaderBase::readDataBlock() - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.11.1, 1.12.0
Component/s: c
Labels:
None

Description

Fix possible heap-buffer-overflow in avro::DataFileReaderBase::readDataBlock() while reading bad data.
This error was found by stress tests in ClickHouse under address sanitizer: https://github.com/ClickHouse/ClickHouse/issues/33652
Stacktrace:
```
==549==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200037c8cc at pc 0x000034e6e371 bp 0x7fc5a2e97e50 sp 0x7fc5a2e97e48
READ of size 1 at 0x60200037c8cc thread T553 (QueryPipelineEx)
#0 0x34e6e370 in avro::DataFileReaderBase::readDataBlock() obj-x86_64-linux-gnu/../contrib/avro/lang/c++/impl/DataFile.cc:418:18
#1 0x34e70485 in avro::DataFileReaderBase::hasMore() obj-x86_64-linux-gnu/../contrib/avro/lang/c++/impl/DataFile.cc:338:9
...
```
You can find an example of corrupted file here: https://drive.google.com/file/d/1pEZk3cbWiPvFCbTnndTO5YbQameZ1Jt2/view?usp=sharing
Reading this corrupted file under address sanitizer leads to heap-buffer-overflow.

Attachments

Issue Links

links to

Pull Request

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Martin Tzvetanov Grigorov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Jul/22 19:45

Updated:: 25/Jul/22 19:46

Resolved:: 25/Jul/22 19:46