Fix out-of-bounds access in ORC writer #7902
Conversation
vuule
added
bug
Codecov Report
@@ Coverage Diff @@
## branch-0.20 #7902 +/- ##
===============================================
+ Coverage 82.30% 82.72% +0.42%
===============================================
Files 101 103 +2
Lines 17053 17705 +652
===============================================
+ Hits 14035 14647 +612
- Misses 3018 3058 +40
Continue to review full report at Codecov.
|
cpp/src/io/orc/orc.h
Outdated
| private: | ||
| // ORC column id (different from column index in the table!) | ||
| // Zero means no corresponding column in the table | ||
| uint32_t _column_id = 0; |
There was a problem hiding this comment.
Does this break any logic below that may have been expecting ~0 ? This stuff:
if (stream.column >= orc2gdf.size()) {
There was a problem hiding this comment.
Modified the logic to separate "0" column id from no column id, should be consistent with the original logic
| ff.types[0].subtypes[column.id()] = 1 + column.id(); | ||
| ff.types[0].fieldNames[column.id()] = column.orc_name(); | ||
| ff.types[column.id()].kind = column.orc_kind(); | ||
| ff.types[0].subtypes[column.index()] = column.id(); |
There was a problem hiding this comment.
This change looks confusing, because id() has been renamed to index(), and id() has then been added (returns index+1).
|
@nvdbaranec thank you for the quick reviews! |
|
@gpucibot merge |
Avoid out-of-bounds access due to streams holding column ids as
index + 1, and the first index stream using zero for its column id. In a few places the corresponding column is accessed as[column_id - 1], even when the id is zero.Other changes:
Small refactoring of ORC streams creation. and stream offset computation.