avro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dcrea...@apache.org
Subject svn commit: r1551941 - in /avro/trunk: CHANGES.txt lang/c/src/value-read.c lang/c/tests/CMakeLists.txt lang/c/tests/avro-1237-bad-union-discriminant.avro lang/c/tests/avro-1237-good.avro lang/c/tests/test_avro_1237.c
Date Wed, 18 Dec 2013 13:31:53 GMT
Author: dcreager
Date: Wed Dec 18 13:31:53 2013
New Revision: 1551941

URL: http://svn.apache.org/r1551941
Log:
AVRO-1237. C: Verify union discriminant when reading Avro data files.

Test case submitted by Michael Cooper.  Michael's original fix was to
perform a bounds check in avro_value_set_branch, but I've opted for a
solution in avro_value_read.  This has two benefits: the check is only
performed when reading a discriminant value from an unsafe source, and
it doesn't impose an extra burden on anyone writing their own custom
value implementations.

Added:
    avro/trunk/lang/c/tests/avro-1237-bad-union-discriminant.avro   (with props)
    avro/trunk/lang/c/tests/avro-1237-good.avro   (with props)
    avro/trunk/lang/c/tests/test_avro_1237.c
Modified:
    avro/trunk/CHANGES.txt
    avro/trunk/lang/c/src/value-read.c
    avro/trunk/lang/c/tests/CMakeLists.txt

Modified: avro/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/avro/trunk/CHANGES.txt?rev=1551941&r1=1551940&r2=1551941&view=diff
==============================================================================
--- avro/trunk/CHANGES.txt (original)
+++ avro/trunk/CHANGES.txt Wed Dec 18 13:31:53 2013
@@ -79,6 +79,9 @@ Trunk (not yet released)
 
     AVRO-1358. C: Hide symbols that aren't in the public API. (dcreager)
 
+    AVRO-1237. C: Bounds-check union discriminant when reading a data file.
+    (Michael Cooper via dcreager)
+
 Avro 1.7.5 (12 August 2013)
 
   NEW FEATURES

Modified: avro/trunk/lang/c/src/value-read.c
URL: http://svn.apache.org/viewvc/avro/trunk/lang/c/src/value-read.c?rev=1551941&r1=1551940&r2=1551941&view=diff
==============================================================================
--- avro/trunk/lang/c/src/value-read.c (original)
+++ avro/trunk/lang/c/src/value-read.c Wed Dec 18 13:31:53 2013
@@ -160,13 +160,18 @@ read_union_value(avro_reader_t reader, a
 {
 	int rval;
 	int64_t discriminant;
+	avro_schema_t  union_schema;
+	int64_t  branch_count;
 	avro_value_t  branch;
 
 	check_prefix(rval, avro_binary_encoding.
 		     read_long(reader, &discriminant),
 		     "Cannot read union discriminant: ");
 
-	if (discriminant < 0) {
+	union_schema = avro_value_get_schema(dest);
+	branch_count = avro_schema_union_size(union_schema);
+
+	if (discriminant < 0 || discriminant >= branch_count) {
 		avro_set_error("Invalid union discriminant value: (%d)",
 			       discriminant);
 		return 1;

Modified: avro/trunk/lang/c/tests/CMakeLists.txt
URL: http://svn.apache.org/viewvc/avro/trunk/lang/c/tests/CMakeLists.txt?rev=1551941&r1=1551940&r2=1551941&view=diff
==============================================================================
--- avro/trunk/lang/c/tests/CMakeLists.txt (original)
+++ avro/trunk/lang/c/tests/CMakeLists.txt Wed Dec 18 13:31:53 2013
@@ -54,6 +54,7 @@ add_avro_test(test_avro_1034)
 add_avro_test(test_avro_1084)
 add_avro_test(test_avro_1087)
 add_avro_test(test_avro_1165)
+add_avro_test(test_avro_1237)
 add_avro_test(test_avro_1238)
 add_avro_test(test_avro_1279)
 add_avro_test(test_avro_data)

Added: avro/trunk/lang/c/tests/avro-1237-bad-union-discriminant.avro
URL: http://svn.apache.org/viewvc/avro/trunk/lang/c/tests/avro-1237-bad-union-discriminant.avro?rev=1551941&view=auto
==============================================================================
Binary file - no diff available.

Propchange: avro/trunk/lang/c/tests/avro-1237-bad-union-discriminant.avro
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: avro/trunk/lang/c/tests/avro-1237-good.avro
URL: http://svn.apache.org/viewvc/avro/trunk/lang/c/tests/avro-1237-good.avro?rev=1551941&view=auto
==============================================================================
Binary file - no diff available.

Propchange: avro/trunk/lang/c/tests/avro-1237-good.avro
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: avro/trunk/lang/c/tests/test_avro_1237.c
URL: http://svn.apache.org/viewvc/avro/trunk/lang/c/tests/test_avro_1237.c?rev=1551941&view=auto
==============================================================================
--- avro/trunk/lang/c/tests/test_avro_1237.c (added)
+++ avro/trunk/lang/c/tests/test_avro_1237.c Wed Dec 18 13:31:53 2013
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.  See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include <avro.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define check_exit(call) \
+	do { \
+		int  __rc = call; \
+		if (__rc != 0) { \
+			fprintf(stderr, "Unexpected error:\n  %s\n  %s\n", \
+				avro_strerror(), #call); \
+			exit(EXIT_FAILURE); \
+		} \
+	} while (0)
+
+#define expect_error(call) \
+	do { \
+		int  __rc = call; \
+		if (__rc == 0) { \
+			fprintf(stderr, "Expected an error:\n  %s\n", #call); \
+			exit(EXIT_FAILURE); \
+		} \
+	} while (0)
+
+#define check_expected_value(actual, expected) \
+	do { \
+		if (!avro_value_equal_fast((actual), (expected))) { \
+			char  *actual_json; \
+			char  *expected_json; \
+			avro_value_to_json((actual), 1, &actual_json); \
+			avro_value_to_json((expected), 1, &expected_json); \
+			fprintf(stderr, "Expected %s\nGot      %s\n", \
+				expected_json, actual_json); \
+			free(actual_json); \
+			free(expected_json); \
+			exit(EXIT_FAILURE); \
+		} \
+	} while (0)
+
+int main(void)
+{
+	avro_schema_t  schema;
+	avro_file_reader_t  reader;
+	avro_value_iface_t  *iface;
+	avro_value_t  actual;
+	avro_value_t  expected;
+	avro_value_t  branch;
+
+	schema = avro_schema_union();
+	avro_schema_union_append(schema, avro_schema_null());
+	avro_schema_union_append(schema, avro_schema_int());
+
+	iface = avro_generic_class_from_schema(schema);
+	avro_generic_value_new(iface, &actual);
+	avro_generic_value_new(iface, &expected);
+
+
+	/* First read the contents of the good file. */
+
+	check_exit(avro_file_reader("avro-1237-good.avro", &reader));
+
+	check_exit(avro_file_reader_read_value(reader, &actual));
+	check_exit(avro_value_set_branch(&expected, 0, &branch));
+	check_exit(avro_value_set_null(&branch));
+	check_expected_value(&actual, &expected);
+
+	check_exit(avro_file_reader_read_value(reader, &actual));
+	check_exit(avro_value_set_branch(&expected, 1, &branch));
+	check_exit(avro_value_set_int(&branch, 100));
+	check_expected_value(&actual, &expected);
+
+	check_exit(avro_file_reader_close(reader));
+
+
+	/* Then read from the malformed file. */
+
+	check_exit(avro_file_reader
+		   ("avro-1237-bad-union-discriminant.avro", &reader));
+
+	check_exit(avro_file_reader_read_value(reader, &actual));
+	check_exit(avro_value_set_branch(&expected, 0, &branch));
+	check_exit(avro_value_set_null(&branch));
+	check_expected_value(&actual, &expected);
+
+	expect_error(avro_file_reader_read_value(reader, &actual));
+
+	check_exit(avro_file_reader_close(reader));
+
+
+	/* Clean up and exit */
+	avro_value_decref(&actual);
+	avro_value_decref(&expected);
+	avro_value_iface_decref(iface);
+	avro_schema_decref(schema);
+	exit(EXIT_SUCCESS);
+}



Mime
View raw message