Pranav Lodha has uploaded this change for review. ( http://gerrit.cloudera.org:8080/23177 )

Change subject: IMPALA-14269: Bump ORC C++ version to 1.7.9-p11 to fix heap buffer overflow
......................................................................

IMPALA-14269: Bump ORC C++ version to 1.7.9-p11 to fix heap buffer overflow

A heap-based buffer overflow vulnerability was identified in Apache
ORC's C++ LZO decompression implementation. Specially crafted malformed
ORC files can cause the decompressor to allocate a 250-byte buffer
followed by a 295-byte copy, leading to memory corruption.
This patch incorporates fix P11 which corrects the unsafe memory copy,
mitigating the vulnerability.

Change-Id: I58c6723139054bf6a899a18e89b40fe6dc4fa356
---
A source/orc/orc-1.7.9-patches/0011-ORC-1879-C-Fix-Heap-Buffer-Overflow-in-LZO-Decompression-.patch
1 file changed, 57 insertions(+), 0 deletions(-)

  git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/77/23177/2

--
To view, visit http://gerrit.cloudera.org:8080/23177
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I58c6723139054bf6a899a18e89b40fe6dc4fa356
Gerrit-Change-Number: 23177
Gerrit-PatchSet: 2
Gerrit-Owner: Pranav Lodha <[email protected]>
