bahman/scylla
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

types: unserialize_value for multiprecision_int,bool: don't read uninitialized memory

Browse Source 
Check the first fragment before dereferencing it, the fragment might be
empty, in which case move to the next one.
Found by running range scan tests with random schema and random data.

Fixes: #12821
Fixes: #12823
Fixes: #12708

Closes #12824
This commit is contained in:
Botond Dénes
2023-02-13 08:32:47 -05:00
committed by Avi Kivity
parent c8e2bf1596
commit ef548e654d
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
types/types.cc
View File

@@ -2023,6 +2023,10 @@ data_value deserialize_aux(const tuple_type_impl& t, View v) {
template<FragmentedView View>
utils::multiprecision_int deserialize_value(const varint_type_impl&, View v) {
if (v.empty()) {
throw marshal_exception("cannot deserialize multiprecision int - empty buffer");
}
skip_empty_fragments(v);
bool negative = v.current_fragment().front() < 0;
utils::multiprecision_int num;
while (v.size_bytes()) {
@@ -2119,6 +2123,7 @@ bool deserialize_value(const boolean_type_impl&, View v) {
if (v.size_bytes() != 1) {
throw marshal_exception(format("cannot deserialize boolean, size mismatch ({:d})", v.size_bytes()));
}
skip_empty_fragments(v);
return v.current_fragment().front() != 0;
}