Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bounds checking in MutableBuffer::set_null_bits can be bypassed #4620

Closed
kawadakk opened this issue Aug 2, 2023 · 1 comment · Fixed by #4621
Closed

Bounds checking in MutableBuffer::set_null_bits can be bypassed #4620

kawadakk opened this issue Aug 2, 2023 · 1 comment · Fixed by #4621
Labels
arrow Changes to the arrow crate bug

Comments

@kawadakk
Copy link
Contributor

kawadakk commented Aug 2, 2023
edited

Describe the bug
Bounds checking in MutableBuffer::set_null_bits can be bypassed by supplying input parameters that would cause integer overflow, breaking the safety guarantees.

To Reproduce

fn main() {
    let mut buf = arrow::buffer::MutableBuffer::new(0);
    buf.set_null_bits(1, usize::MAX);
}
$ cargo run --release --quiet
fish: Job 2, 'cargo run --release --quiet' terminated by signal SIGSEGV (Address boundary error)

Expected behavior
Avoiding undefined behaviour by panicking, aborting, or silently saturating a given range.

Additional context
@kawadakk kawadakk added the bug label Aug 2, 2023
@kawadakk kawadakk mentioned this issue Aug 2, 2023
Merged
@tustvold tustvold added the arrow Changes to the arrow crate label Aug 15, 2023
@tustvold
Copy link
Contributor

label_issue.py automatically added labels {'arrow'} from #4621

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
arrow Changes to the arrow crate bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(buffer): panic on end index overflow in MutableBuffer::set_null_bits kawadakk/arrow-rs
2 participants
@tustvold @kawadakk