[ https://issues.apache.org/jira/browse/AVRO-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thiruvalluvan M. G. updated AVRO-2220:
--------------------------------------
    Fix Version/s: 1.9.0

> std::bad_alloc when String or Bytes field has a negative length
> ---------------------------------------------------------------
>
>                 Key: AVRO-2220
>                 URL: https://issues.apache.org/jira/browse/AVRO-2220
>             Project: Apache Avro
>          Issue Type: Bug
>          Components: c++
>            Reporter: Victor Mota
>            Assignee: Victor Mota
>            Priority: Major
>             Fix For: 1.9.0
>
>         Attachments: poc-18e554fc65b937059584f21805da4b598f2266290f19d764da2c30ca1c829d0a (3)
>
>
> Attached is a sample file created by our Fuzzer running on the C++ library
> that causes an std::bad_alloc due to the string or byte field having an
> invalid negative integer length. The fix is trivial; I'll send out a PR soon,
> but it's something like:
>
> {code:java}
> void BinaryDecoder::decodeString(std::string& value)
> {
>     // Preserve the sign to avoid allocating memory if len is negative.
>     ssize_t len = decodeInt();
>     if (len < 0) {
>         throw Exception(
>             boost::format("Cannot have a string of negative length: %1%") % len);
>     }
>     value.resize(len);
>     if (len > 0) {
>         in_.readBytes(reinterpret_cast<uint8_t*>(&value[0]), len);
>     }
> }
> {code}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
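
The failure mode reported above, as an added stand-alone example (not code from the Avro project or from the reporter): a zigzag-encoded length of -1 converted to `size_t` becomes `SIZE_MAX`, which is what an unchecked `resize()` would request. All function names, error strings and sample bytes are constructed for this example, the length is assumed to be an Avro zigzag varint, and the bound against remaining input goes beyond the fix quoted in the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Avro int/long: little-endian base-128 varint, then zigzag-decoded.
int64_t decodeLong(const std::vector<uint8_t>& buf, size_t& pos) {
    uint64_t n = 0;
    for (int shift = 0; shift < 64; shift += 7) {
        if (pos >= buf.size()) throw std::runtime_error("truncated varint");
        uint8_t b = buf[pos++];
        n |= static_cast<uint64_t>(b & 0x7f) << shift;
        if (!(b & 0x80))
            return static_cast<int64_t>(n >> 1) ^ -static_cast<int64_t>(n & 1);
    }
    throw std::runtime_error("varint too long");
}

// What an unchecked resize() would be asked for: -1 becomes SIZE_MAX.
size_t lengthAsSizeT(int64_t len) { return static_cast<size_t>(len); }

// Length-checked read: signed comparison first, as in the fix quoted above;
// the bound against remaining input is this example's addition.
std::string decodeString(const std::vector<uint8_t>& buf, size_t& pos) {
    int64_t len = decodeLong(buf, pos);
    if (len < 0)
        throw std::length_error("negative string length: " + std::to_string(len));
    if (static_cast<uint64_t>(len) > buf.size() - pos)
        throw std::length_error("string length exceeds remaining input");
    std::string value(reinterpret_cast<const char*>(buf.data() + pos),
                      static_cast<size_t>(len));
    pos += static_cast<size_t>(len);
    return value;
}

// Decode one string from a constructed buffer; report errors as text.
std::string tryDecode(const std::vector<uint8_t>& buf) {
    size_t pos = 0;
    try { return decodeString(buf, pos); }
    catch (const std::exception& e) { return std::string("error: ") + e.what(); }
}

int main() {
    std::cout << tryDecode({0x06, 'f', 'o', 'o'}) << "\n";  // valid: length 3
    std::cout << tryDecode({0x01}) << "\n";                 // zigzag(0x01) == -1
    std::cout << lengthAsSizeT(-1) << "\n";                 // SIZE_MAX
}
```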