Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User buffer backed writer exceeds buffer length when writing. #319

Open
nirosys opened this issue Jan 27, 2023 · 0 comments
Open

User buffer backed writer exceeds buffer length when writing. #319

nirosys opened this issue Jan 27, 2023 · 0 comments
Labels
bug

Comments

@nirosys
Copy link
Contributor

nirosys commented Jan 27, 2023

When creating an ION_WRITER backed by a user supplied buffer, it appears the stream limit continues to increase beyond the stream size (as if it were a page-backed stream).

Address 0x7ff7b4a06aaa is located in stack of thread T0 at offset 42 in frame
    #0 0x10b8c52bf in IonTextDownconvert_ErrorIfBufferSmall_Test::TestBody() test_ion_text.cpp:1423

  This frame has 15 object(s):
    [32, 42) 'json_text' (line 1426) <== Memory access at offset 42 overflows this variable
    [64, 68) 'err' (line 1428)
    [80, 88) 'reader' (line 1429)
    [112, 120) 'writer' (line 1430)
    [144, 256) 'woptions' (line 1431)
    [288, 360) 'roptions' (line 1432)

Using the unit test:

TEST(IonTextDownconvert, ErrorIfBufferSmall) {
    const char *ion_text = "{data: null.string}";
    // JSON should be '{"data": null}'
    char json_text[10]; // would need 14 bytes to write the JSON.

    iERR err = IERR_OK;
    hREADER reader = NULL;
    hWRITER writer = NULL;
    ION_WRITER_OPTIONS woptions = {0};
    ION_READER_OPTIONS roptions = {0};

    // woptions.json_downconvert = TRUE;
    memset((void*)json_text, 0, sizeof(json_text));

    IONCHECK(ion_reader_open_buffer(&reader, (BYTE*)ion_text, strlen(ion_text), &roptions));
    IONCHECK(ion_writer_open_buffer(&writer, (BYTE*)json_text, sizeof(json_text) - 1, &woptions));

    ASSERT_TRUE(_ion_stream_is_fully_buffered(writer->output));
    // This call should return an IERR_EOF error, indicating that the writer has reached its end.
    err = ion_writer_write_all_values(writer, reader);

    ASSERT_EQ(err, IERR_EOF);
    ion_writer_close(writer);
    ion_reader_close(reader);
    return;
fail:
    if (writer != NULL)
        ion_writer_close(writer);
    if (reader != NULL)
        ion_reader_close(reader);
    ASSERT(false);
}

I started digging into this and it looks like there is a conflict between how paged streams are treated, vs user buffer streams. The limit appears to be extending as bytes are writing to the stream and the size of the buffer is not considered at some point. I need to keep digging.
@nirosys nirosys added the bug label Jan 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nirosys