Gang Wu created ORC-2161:
----------------------------
Summary: [C++] UnionColumnReader should reject out-of-range union tags
Key: ORC-2161
URL: https://issues.apache.org/jira/browse/ORC-2161
Project: ORC
Issue Type: Bug
Reporter: Gang Wu
Assignee: Gang Wu

The C++ UnionColumnReader trusts union tag bytes decoded from the ORC DATA
stream and uses them directly as indexes into per-child count arrays. For
malformed ORC files, a union tag value greater than or equal to the number of
union children causes out-of-bounds access instead of reporting invalid input.

This affects:
* UnionColumnReader::skip()
* UnionColumnReader::nextInternal()
* UnionColumnPrinter::printRow() has the same unchecked tag dispatch pattern

The reader should validate each non-null union tag against
type.getSubtypeCount() and throw ParseError when the tag is invalid.
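
The check the issue asks for, sketched as an added example (not code from the issue or from the ORC code base). `ParseError`, `countPerChild` and `isRejected` are hypothetical stand-ins defined here, and `childCount` plays the role of `type.getSubtypeCount()`.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for the reader's invalid-input exception.
struct ParseError : std::runtime_error {
  using std::runtime_error::runtime_error;
};

// Count how many values each union child must read (or skip) for a batch.
// tags:       tag bytes as decoded from the DATA stream (untrusted input).
// notNull:    optional null mask; nullptr means every row is non-null.
// childCount: number of union children, i.e. type.getSubtypeCount().
std::vector<uint64_t> countPerChild(const std::vector<unsigned char>& tags,
                                    const char* notNull,
                                    uint64_t childCount) {
  std::vector<uint64_t> counts(childCount, 0);
  for (size_t i = 0; i < tags.size(); ++i) {
    if (notNull != nullptr && !notNull[i]) {
      continue;  // assumption: null rows carry no meaningful tag to validate
    }
    const uint64_t tag = tags[i];
    if (tag >= childCount) {
      // Without this check, counts[tag] would be written out of bounds.
      throw ParseError("Invalid union tag " + std::to_string(tag) + " at row " +
                       std::to_string(i) + ", union has " +
                       std::to_string(childCount) + " children");
    }
    ++counts[tag];
  }
  return counts;
}

// Helper for callers and tests: true when the batch is rejected as malformed.
bool isRejected(const std::vector<unsigned char>& tags, const char* notNull,
                uint64_t childCount) {
  try {
    countPerChild(tags, notNull, childCount);
    return false;
  } catch (const ParseError&) {
    return true;
  }
}
```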