Skip to content

GH-48311: [C++] Fix OOB memory access in buffered IO #48322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chegoryu wants to merge 5 commits into
base: main
Choose a base branch
from
Open

GH-48311: [C++] Fix OOB memory access in buffered IO #48322

chegoryu wants to merge 5 commits into from
+44 −4

Conversation

@chegoryu
Copy link
Contributor

@chegoryu chegoryu commented Dec 3, 2025
edited by github-actions bot
Loading

Rationale for this change

Fixing: #48311

What changes are included in this PR?

Applied fix from #48311 and added test

Are these changes tested?

Yes, added test, without my patch test fails with debug check:

Note: Google Test filter = TestBufferedInputStream.PeekAfterExhaustingBuffer
[==========] Running 1 test from 1 test suite.
[----------] Global test environment set-up.
[----------] 1 test from TestBufferedInputStream
[ RUN      ] TestBufferedInputStream.PeekAfterExhaustingBuffer
/Users/chegoryu/Junk/git/arrow/cpp/src/arrow/io/buffered.cc:337:  Check failed: buffer_->size() - buffer_pos_ >= nbytes

Are there any user-facing changes?

No, this PR fixes a bug

@github-actions
Copy link

github-actions bot commented Dec 3, 2025

⚠️ GitHub issue #48311 has been automatically assigned in GitHub to PR creator.

@chegoryu
Copy link
Contributor Author

chegoryu commented Jan 1, 2026

@wgtmac Hi, I don't know who to ping, so I chose you since you’ve looked at one of my reviews.

Can you suggest the right person to call to review this? This bug is really annoying and appears very randomly (and looks like a corrupted allocator, so it's hard to debug).

@wgtmac
Copy link
Member

wgtmac commented Jan 7, 2026

cc @mapleFU

mapleFU
mapleFU reviewed Jan 7, 2026
View reviewed changes
cpp/src/arrow/io/buffered.cc
// No need to reserve space for more than the total remaining number of bytes.
if (bytes_buffered_ == 0) {
// Special case: we can not keep the current buffer because it does not
// Special case: we can override data in the current buffer because it does not
Copy link
Member

@mapleFU mapleFU Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you rewrite comment in SetBufferSize? Since buffer_pos_ would be rewritten now

Copy link
Contributor Author

@chegoryu chegoryu Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missed that comment, thanks, fixed

@github-actions github-actions bot added awaiting committer review Awaiting committer review and removed awaiting review Awaiting review labels Jan 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mapleFU mapleFU mapleFU left review comments

Assignees

No one assigned

Labels

awaiting committer review Awaiting committer review Component: C++

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chegoryu @wgtmac @mapleFU