Yuxing Yao created HIVE-13397:
---------------------------------
Summary: ORC CompressedStream.read implementation not compatible
with SerializationUtils in exceptional case
Key: HIVE-13397
URL: https://issues.apache.org/jira/browse/HIVE-13397
Project: Hive
Issue Type: Bug
Reporter: Yuxing Yao
I used an ORC file with some corrupt bytes to test whether the reader is
vulnerable to attacks, and I found a point in CompressedStream that does not
act correctly when handling the exceptional case and will cause an infinite
loop.
In
org.apache.hadoop.hive.ql.io.orc.InStream$CompressedStream.read(byte[] data,
int offset, int length),
when the data is incorrect, it returns -1 to mark the exceptional case
(not throwing an exception, which is the right behavior for this buffered read),
and in
SerializationUtils.readLongBE(InStream in, long[] buffer, int start, int
numHops, int numBytes)
    // bulk read to buffer
    int bytesRead = in.read(readBuffer, 0, toRead);
    while (bytesRead != toRead) {
      bytesRead += in.read(readBuffer, bytesRead, toRead - bytesRead);
    }
it does not check the -1 return value and adds it to bytesRead directly, which
causes the infinite loop.
Either changing the read to throw an exception or adding a -1 check here would fix this.
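The two halves of the report put together, as an added example that is not Hive's own code: a constructed stand-in stream that returns -1 on corrupt data the way CompressedStream.read is described to, the loop as quoted from readLongBE (with a constructed iteration guard so the demo terminates), and the same loop with the -1 check. The class and method names are assumptions.

```java
import java.io.EOFException;
import java.io.IOException;

public final class ReadLoopFix {
    // Constructed stand-in for ORC's InStream: like CompressedStream.read as
    // described in the report, it returns -1 on corrupt data instead of throwing.
    static final class CorruptingStream {
        private final byte[] good;
        private int pos = 0;
        CorruptingStream(byte[] good) { this.good = good; }
        int read(byte[] dst, int off, int len) {
            if (pos >= good.length) return -1;   // corrupt region: no data, no exception
            int n = Math.min(len, good.length - pos);
            System.arraycopy(good, pos, dst, off, n);
            pos += n;
            return n;
        }
    }
    // Mirrors the loop quoted from SerializationUtils.readLongBE: -1 is added to
    // bytesRead, so it never reaches toRead. maxIterations is a constructed guard
    // so this demo terminates; the real loop has none and spins forever.
    static int buggyRead(CorruptingStream in, byte[] buf, int toRead, int maxIterations) {
        int bytesRead = in.read(buf, 0, toRead);
        int iterations = 0;
        while (bytesRead != toRead) {
            if (++iterations > maxIterations) return -1;  // would otherwise loop forever
            bytesRead += in.read(buf, bytesRead, toRead - bytesRead);
        }
        return bytesRead;
    }

    // Fixed loop: a negative return means the data ended, so fail fast.
    static int fixedRead(CorruptingStream in, byte[] buf, int toRead) throws IOException {
        int bytesRead = 0;
        while (bytesRead < toRead) {
            int n = in.read(buf, bytesRead, toRead - bytesRead);
            if (n < 0) throw new EOFException("stream ended after " + bytesRead + " of " + toRead + " bytes");
            bytesRead += n;
        }
        return bytesRead;
    }

    public static void main(String[] args) {
        byte[] truncated = {1, 2, 3, 4};  // constructed: 4 good bytes, then corruption
        byte[] buf = new byte[8];
        System.out.println("buggy loop hit guard: " + buggyRead(new CorruptingStream(truncated), buf, 8, 1000));
        try { fixedRead(new CorruptingStream(truncated), buf, 8); }
        catch (IOException e) { System.out.println("fixed loop: " + e.getMessage()); }
    }
}
```

The buggy loop only returns because of the guard; without it, each iteration adds -1 to bytesRead and the loop never exits.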