Uploaded image for project: 'ORC'
  1. ORC
  2. ORC-591

orc::readFully crash due to null pointer variable

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.7.0
    • Component/s: C++
    • Labels:
      None

      Description

      orc::readFully() could crash due to null pointer of stream variable. Reproduce by using orc-scan to read the attached corrupt orc file.

      Program received signal SIGSEGV, Segmentation fault.
      orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
      522	      if (!stream->Next(&chunk, &length)) {
      (gdb) bt
      #0  orc::readFully (buffer=0xb11c30 "", bufferSize=10, stream=0x0) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:522
      #1  0x00000000005f6c14 in orc::StringDictionaryColumnReader::StringDictionaryColumnReader (this=this@entry=0xb0ebc0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:596
      #2  0x00000000005f70bb in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1756
      #3  0x00000000005f722b in orc::StructColumnReader::StructColumnReader (this=this@entry=0xb0d7c0, type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:876
      #4  0x00000000005f701b in orc::buildReader (type=..., stripe=...) at /home/quanlong/workspace/orc/c++/src/ColumnReader.cc:1787
      #5  0x000000000059fd18 in orc::RowReaderImpl::startNextStripe (this=0xae3060) at /home/quanlong/workspace/orc/c++/src/Reader.cc:917
      #6  0x00000000005a016a in orc::RowReaderImpl::next (this=0xae3060, data=...) at /home/quanlong/workspace/orc/c++/src/Reader.cc:932
      #7  0x0000000000597a78 in scanFile (out=..., filename=<optimized out>, batchSize=batchSize@entry=1024) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:39
      #8  0x00000000005972f8 in main (argc=1, argv=<optimized out>) at /home/quanlong/workspace/orc/tools/src/FileScan.cc:84
      (gdb) l
      517	  void readFully(char* buffer, int64_t bufferSize, SeekableInputStream* stream) {
      518	    int64_t posn = 0;
      519	    while (posn < bufferSize) {
      520	      const void* chunk;
      521	      int length;
      522	      if (!stream->Next(&chunk, &length)) {
      523	        throw ParseError("bad read in readFully");
      524	      }
      525	      if (posn + length > bufferSize) {
      526	        throw ParseError("Corrupt dictionary blob in StringDictionaryColumn");
      

        Attachments

        1. alltypes_uncompressed_corrupt.orc
          169 kB
          Quanlong Huang

          Issue Links

            Activity

              People

              • Assignee:
                stigahuang Quanlong Huang
                Reporter:
                stigahuang Quanlong Huang
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m