Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-6844

Fix possible NULL dereference in to_date() builtin

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Impala 2.9.0, Impala 2.10.0, Impala 2.11.0
    • Fix Version/s: Impala 3.1.0
    • Component/s: Backend
    • Labels:

      Description

      If result.ptr allocation fails for some reason inside the StringVal constructor, we still overwrite result.len and continue.

      StringVal TimestampFunctions::ToDate(FunctionContext* context,
      const TimestampVal& ts_val) {
      if (ts_val.is_null) return StringVal::null();
      const TimestampValue ts_value = TimestampValue::FromTimestampVal(ts_val);
      // Defensively, return NULL if the timestamp does not have a date portion. Some of
      // our built-in functions might incorrectly return such a malformed timestamp.
      if (!ts_value.HasDate()) return StringVal::null();
      StringVal result(context, 10);
      result.len = 10;
      // Fill in year, month, and day.
      IntToChar(result.ptr, ts_value.date().year(), 4);  <-----
      IntToChar(result.ptr + 5, ts_value.date().month(), 2);
      IntToChar(result.ptr + 8, ts_value.date().day(), 2);
      // Fill in dashes.
      result.ptr[7] = '-';
      result.ptr[4] = '-';
      return result;
      }
      

        Attachments

          Activity

            People

            • Assignee:
              thundergun Vincent Tran
              Reporter:
              bharathv bharath v
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: