Quanlong Huang has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/23177 )

Change subject: IMPALA-14269: Bump ORC C++ version to 1.7.9-p11 to fix heap buffer overflow
......................................................................

IMPALA-14269: Bump ORC C++ version to 1.7.9-p11 to fix heap buffer overflow

A heap-based buffer overflow vulnerability was
identified in Apache ORC's C++ LZO decompression
implementation. Specially crafted malformed ORC
files can cause the decompressor to allocate
a 250-byte buffer followed by a 295-byte copy,
leading to memory corruption. This patch incorporates
fix P11 which corrects the unsafe memory copy,
mitigating the vulnerability.

Change-Id: I58c6723139054bf6a899a18e89b40fe6dc4fa356
Reviewed-on: http://gerrit.cloudera.org:8080/23177
Reviewed-by: Quanlong Huang <[email protected]>
Tested-by: Quanlong Huang <[email protected]>
---
M buildall.sh
A source/orc/orc-1.7.9-patches/0011-ORC-1879-C-Fix-Heap-Buffer-Overflow-in-LZO-Decompression-.patch
2 files changed, 58 insertions(+), 1 deletion(-)

Approvals:
  Quanlong Huang: Looks good to me, approved; Verified

--
To view, visit http://gerrit.cloudera.org:8080/23177
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: native-toolchain
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I58c6723139054bf6a899a18e89b40fe6dc4fa356
Gerrit-Change-Number: 23177
Gerrit-PatchSet: 4
Gerrit-Owner: Pranav Lodha <[email protected]>
Gerrit-Reviewer: Pranav Lodha <[email protected]>
Gerrit-Reviewer: Quanlong Huang <[email protected]>
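
The commit message above describes a 295-byte copy into a 250-byte allocation. As an added example (not the ORC patch and not Impala code), the C below shows the class of check that stops such a copy: each run length read from untrusted input is validated against the space left in both the input and the output buffer before `memcpy`. The stream format, function names and error codes are constructed for illustration and are not the real LZO encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy format (NOT the real LZO encoding): a stream of literal
 * runs, each a 2-byte little-endian length followed by that many bytes. */
enum { DEC_OK = 0, DEC_TRUNCATED_INPUT = -1, DEC_OUTPUT_OVERFLOW = -2 };

/* Decode `in` into `out`. Every attacker-controlled run length is checked
 * against the bytes remaining in BOTH buffers before any copy happens.
 * Comparisons are written as `run > remaining` so they cannot wrap. */
int decode_runs(const uint8_t *in, size_t in_len,
                uint8_t *out, size_t out_cap, size_t *produced)
{
    size_t ip = 0, op = 0;
    *produced = 0;
    while (ip < in_len) {
        if (in_len - ip < 2)
            return DEC_TRUNCATED_INPUT;      /* no room for a length header */
        size_t run = (size_t)in[ip] | ((size_t)in[ip + 1] << 8);
        ip += 2;
        if (run > in_len - ip)
            return DEC_TRUNCATED_INPUT;      /* header claims more than we have */
        if (run > out_cap - op)
            return DEC_OUTPUT_OVERFLOW;      /* e.g. 295 bytes into 250 */
        memcpy(out + op, in + ip, run);
        ip += run;
        op += run;
        *produced = op;
    }
    return DEC_OK;
}

/* Constructed sample: one run of `run` literals decoded into a 250-byte
 * buffer, the sizes taken from the commit message. */
int demo(size_t run)
{
    uint8_t in[2 + 512] = {0};
    uint8_t out[250];
    size_t produced;
    if (run > 512)
        return DEC_TRUNCATED_INPUT;
    in[0] = (uint8_t)(run & 0xff);
    in[1] = (uint8_t)(run >> 8);
    memset(in + 2, 'A', run);
    return decode_runs(in, 2 + run, out, sizeof out, &produced);
}
```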
