Pranav Lodha has uploaded a new patch set (#3). ( http://gerrit.cloudera.org:8080/23177 )
Change subject: IMPALA-14269: Bump ORC C++ version to 1.7.9-p11 to fix heap buffer overflow
......................................................................

IMPALA-14269: Bump ORC C++ version to 1.7.9-p11 to fix heap buffer overflow

A heap-based buffer overflow vulnerability was identified in Apache ORC's C++ LZO decompression implementation. Specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer followed by a 295-byte copy, leading to memory corruption. This patch incorporates fix P11 which corrects the unsafe memory copy, mitigating the vulnerability.

Change-Id: I58c6723139054bf6a899a18e89b40fe6dc4fa356
---
M buildall.sh
A source/orc/orc-1.7.9-patches/0011-ORC-1879-C-Fix-Heap-Buffer-Overflow-in-LZO-Decompression-.patch
2 files changed, 58 insertions(+), 1 deletion(-)

  git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/77/23177/3
--
To view, visit http://gerrit.cloudera.org:8080/23177
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I58c6723139054bf6a899a18e89b40fe6dc4fa356
Gerrit-Change-Number: 23177
Gerrit-PatchSet: 3
Gerrit-Owner: Pranav Lodha <[email protected]>
Gerrit-Reviewer: Pranav Lodha <[email protected]>
Gerrit-Reviewer: Quanlong Huang <[email protected]>
