Skip to content

ORC Format Parsing – Out-of-Bounds Access in Protobuf Messages #33797

Closed
#33984
Closed
ORC Format Parsing – Out-of-Bounds Access in Protobuf Messages#33797
#33984
Assignees
Avogar
Labels
developmentDevelopement process & source code & implementation detailsunexpected behaviourResult is unexpected, but not entirely wrong at the same time.
@HeenaBansal2009

Description

@HeenaBansal2009
HeenaBansal2009
opened on Jan 19, 2022

Describe the unexpected behaviour
When processing ORC data in ClickHouse , what happens if type.fieldnames_size() is less than the type.subtypes_size(). The type.fieldnames(i) will be invalid access.

File name : TypeImpl.cc

case proto::Type_Kind_STRUCT: {
TypeImpl* result = new TypeImplSTRUCT);
uint64_t size = static_cast<uint64_t>(type.subtypes_size());
std::vector<Type*> typeList(size);
std::vector<std::string> fieldList(size);
for(int i=0; i < type.subtypes_size(); ++i)
{ result->addStructField(type.fieldnames(i), convertType(footer.types(static_cast<int> (type.subtypes(i))),footer)); }
return std::unique_ptr<Type>(result);
  • Which ClickHouse server version to use -Affects all Clickhouse-versions.

Metadata

Metadata

Assignees

Labels

developmentDevelopement process & source code & implementation detailsunexpected behaviourResult is unexpected, but not entirely wrong at the same time.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions