Skip to content

ORC-2190: [C++] Reject compressed chunk length exceeding block size in C++ reader#2671

Closed
dongjoon-hyun wants to merge 1 commit into
apache:mainfrom
dongjoon-hyun:ORC-2190
Closed

ORC-2190: [C++] Reject compressed chunk length exceeding block size in C++ reader#2671
dongjoon-hyun wants to merge 1 commit into
apache:mainfrom
dongjoon-hyun:ORC-2190

Conversation

@dongjoon-hyun

Copy link
Copy Markdown
Member

What changes were proposed in this pull request?

This PR makes the ORC C++ reader reject a compressed chunk whose length exceeds the configured
compression block size, matching the Java reader.

if (chunkLength > bufferSize) {
throw new IllegalArgumentException("Buffer size too small. size = " +
bufferSize + " needed = " + chunkLength + " in " + name);
}

Why are the changes needed?

The Java reader already performs this check in InStream.CompressedStream.readHeader, but the C++
reader was missing it. This is a defense-in-depth hardening (not a CVE): the chunk length is already
bounded to ~8MB by the 3-byte header, but the spec-mandated first check was absent on the C++ side.
Well-formed files are unaffected.

How was this patch tested?

Pass the CIs with the newly added test case.

Was this patch authored or co-authored using generative AI tooling?

Generated-by: Claude Fable 5

@dongjoon-hyun dongjoon-hyun marked this pull request as draft July 7, 2026 07:02
@dongjoon-hyun dongjoon-hyun marked this pull request as ready for review July 7, 2026 20:56
@dongjoon-hyun dongjoon-hyun added this to the 2.3.1 milestone Jul 7, 2026
dongjoon-hyun added a commit that referenced this pull request Jul 7, 2026
…n C++ reader

### What changes were proposed in this pull request?

This PR makes the ORC C++ reader reject a compressed chunk whose length exceeds the configured
compression block size, matching the Java reader.

https://github.com/apache/orc/blob/5d3cf1318b58416719e89169ae9d56f758311f7e/java/core/src/java/org/apache/orc/impl/InStream.java#L504-L507

### Why are the changes needed?

The Java reader already performs this check in `InStream.CompressedStream.readHeader`, but the C++
reader was missing it. This is a defense-in-depth hardening (not a CVE): the chunk length is already
bounded to ~8MB by the 3-byte header, but the spec-mandated first check was absent on the C++ side.
Well-formed files are unaffected.

### How was this patch tested?

Pass the CIs with the newly added test case.

### Was this patch authored or co-authored using generative AI tooling?

Generated-by: Claude Fable 5

Closes #2671 from dongjoon-hyun/ORC-2190.

Authored-by: Dongjoon Hyun <dongjoon@apache.org>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
(cherry picked from commit 6015de5)
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant