This is an automated email from the ASF dual-hosted git repository.
apitrou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new 6b242538cf GH-43885: [C++][CI] Catch potential integer overflow in
PoolBuffer (#43886)
6b242538cf is described below
commit 6b242538cf5723da5735814af9a18d0a9b41d5a4
Author: Antoine Pitrou <[email protected]>
AuthorDate: Thu Aug 29 21:14:39 2024 +0200
GH-43885: [C++][CI] Catch potential integer overflow in PoolBuffer (#43886)
This should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71200
* GitHub Issue: #43885
Lead-authored-by: Antoine Pitrou <[email protected]>
Co-authored-by: Antoine Pitrou <[email protected]>
Signed-off-by: Antoine Pitrou <[email protected]>
---
cpp/src/arrow/memory_pool.cc | 11 +++++++++--
testing | 2 +-
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/cpp/src/arrow/memory_pool.cc b/cpp/src/arrow/memory_pool.cc
index 1e855311a9..3420778127 100644
--- a/cpp/src/arrow/memory_pool.cc
+++ b/cpp/src/arrow/memory_pool.cc
@@ -858,7 +858,7 @@ class PoolBuffer final : public ResizableBuffer {
}
uint8_t* ptr = mutable_data();
if (!ptr || capacity > capacity_) {
- int64_t new_capacity = bit_util::RoundUpToMultipleOf64(capacity);
+ ARROW_ASSIGN_OR_RAISE(int64_t new_capacity, RoundCapacity(capacity));
if (ptr) {
RETURN_NOT_OK(pool_->Reallocate(capacity_, new_capacity, alignment_,
&ptr));
} else {
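Review bot: No unit test covers the new failure path in this hunk or in the matching shrink-path hunk at `RoundCapacity(new_size)`; the diffstat shows only memory_pool.cc and the testing submodule pointer changing. A test that requests a capacity of `std::numeric_limits<int64_t>::max()` from a pool-backed buffer and expects an OutOfMemory status would pin the guard independently of the fuzz corpus. `ARROW_ASSIGN_OR_RAISE` returns before `pool_->Reallocate` is reached, so the buffer should be unchanged on failure, and the test could assert that too. The enclosing methods (Reserve and Resize in upstream Arrow, not visible here) start and end outside both hunks.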
@@ -878,7 +878,7 @@ class PoolBuffer final : public ResizableBuffer {
if (ptr && shrink_to_fit && new_size <= size_) {
// Buffer is non-null and is not growing, so shrink to the requested
size without
// excess space.
- int64_t new_capacity = bit_util::RoundUpToMultipleOf64(new_size);
+ ARROW_ASSIGN_OR_RAISE(int64_t new_capacity, RoundCapacity(new_size));
if (capacity_ != new_capacity) {
// Buffer hasn't got yet the requested size.
RETURN_NOT_OK(pool_->Reallocate(capacity_, new_capacity, alignment_,
&ptr));
@@ -916,6 +916,13 @@ class PoolBuffer final : public ResizableBuffer {
}
private:
+ static Result<int64_t> RoundCapacity(int64_t capacity) {
+ if (capacity > std::numeric_limits<int64_t>::max() - 63) {
+ return Status::OutOfMemory("capacity too large");
+ }
+ return bit_util::RoundUpToMultipleOf64(capacity);
+ }
+
MemoryPool* pool_;
int64_t alignment_;
};
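Review bot: The bound `max() - 63` in RoundCapacity silently depends on `bit_util::RoundUpToMultipleOf64` adding at most 63, so a comment such as `// Rounding up to a multiple of 64 adds up to 63; reject values where that would overflow int64_t (signed overflow is UB)` would keep the two from drifting apart. The status would be easier to triage from a fuzzer report if it carried the rejected value, e.g. `return Status::OutOfMemory("capacity too large: ", capacity);`. RoundCapacity does not reject negative input; presumably the callers check for that before reaching it, but those checks are outside the visible hunks. `std::numeric_limits` needs `<limits>`, and the file's include block is not shown here, so confirm it is included directly rather than transitively.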
diff --git a/testing b/testing
index 735ae7128d..4d209492d5 160000
--- a/testing
+++ b/testing
@@ -1 +1 @@
-Subproject commit 735ae7128d571398dd798d7ff004adebeb342883
+Subproject commit 4d209492d514c2d3cb2d392681b9aa00e6d8da1c