Fixes a memory leak issue in the Avro C library under abnormal data scenarios. by kwenzh · Pull Request #3635 · apache/avro

kwenzh · 2026-01-27T09:51:55Z

What is the purpose of the change

Does not properly validate that the string length does not exceed available buffer space, potentially leading to buffer overflow
Add a macro definition AVRO_SAFE_READ to release memory upon exception return.

Verifying this change

Construct a schema and data that do not match, and call the read_string function to read them.
Observe memory usage.
Stop reading，Observe if memory usage decreases.

Alternatively, you can use valgrind to check for memory leaks.

Documentation

martin-g · 2026-01-27T13:51:28Z

+		return mem_reader->len - mem_reader->read;
+	} else if (is_file_io(reader)) {
+		struct _avro_reader_file_t *file_reader = avro_reader_to_file(reader);
+		return bytes_available(file_reader);


This returns only the buffered bytes, not all remaining bytes as the memory io branch above

sorry， I haven't found a way to get the remaining buffer length for file I/O. My goal is to check the maximum readable length before malloc to avoid memory leaks caused by the length exceeding the limit during avro_read_memory checks. Are there any other good solutions?

This returns only the buffered bytes, not all remaining bytes as the memory io branch above

maybe use (int64_t) sizeof(reader->buffer) , Am I understanding this correctly?

martin-g · 2026-01-27T13:52:51Z

+    //  max := r.tail - r.head + 1; if max >= 0 && size > max
+	max_available = avro_max_read(reader);
+	if (max_available >= 0 && str_len > max_available) {
+	    avro_set_error("mem io: String length %" PRId64 " is greater than available buffer size %" PRId64,


Please make sure to use the same indentation as the rest of the file, i.e. tabs.

fabiocfabini · 2026-04-14T13:33:03Z

Is anything preventing this particular request to be merged?

fabiocfabini · 2026-04-14T14:52:28Z

Why can't the fix simply include the addition of the AVRO_READ_OR_FREE macro and replace the AVRO_READ calls in the read_string and read_bytes functions?

martin-g · 2026-04-15T05:15:38Z

Is anything preventing this particular request to be merged?

There are no active maintainers of the C SDK...

We will need to the community to review and approve the changes before merging it.

kwenzh · 2026-04-15T07:56:33Z

Is this issue confirmed? Are there any other questions regarding the code modification logic?

fabiocfabini · 2026-04-15T09:23:40Z

Is anything preventing this particular request to be merged?

There are no active maintainers of the C SDK...

We will need to the community to review and approve the changes before merging it.

How can one become such a maintainer? Also, what does it mean the community needs to review?

fabiocfabini · 2026-04-15T09:25:16Z

Is this issue confirmed? Are there any other questions regarding the code modification logic?

Is there a reasons why the modifications can't simply revolve around replacing AVRO_READ for AVRO_READ_OR_FREE in the read_string and read_bytes functions?

martin-g · 2026-04-15T12:16:02Z

How can one become such a maintainer?

https://community.apache.org/contributors/becomingacommitter.html

Also, what does it mean the community needs to review?

It means that the users of the C SDK are encouraged to review the PR(s) and comment on them - what is good and bad. Once a PR is approved by a few users we (the maintainers of the other SDKs) can merge it and make it part of the next release.

kwenzh · 2026-04-16T09:53:39Z

Is this issue confirmed? Are there any other questions regarding the code modification logic?

Is there a reasons why the modifications can't simply revolve around replacing AVRO_READ for AVRO_READ_OR_FREE in the read_string and read_bytes functions?

The current modification is as follows, isn't ?

fabiocfabini · 2026-04-17T08:38:01Z

The current modification is as follows, isn't ?

What is the purpose of the avro_max_read function being introduced? The current error reporting already accurately reports if the string size is bigger then the size of the encoded buffer. What other purpose does it serve?

fix: avro c mem leak

8f4444d

github-actions bot added the C label Jan 27, 2026

kwenzh mentioned this pull request Jan 27, 2026

【BUG】the metric starrocks_be_process_mem_bytes is not precise， maybe casue query Memory of process exceed limit StarRocks/starrocks#67222

Open

martin-g reviewed Jan 27, 2026

View reviewed changes

KalleOlaviNiemitalo reviewed Jan 27, 2026

View reviewed changes

Comment thread lang/c/src/encoding.h

Comment thread lang/c/src/encoding.h Outdated

kwenzh added 2 commits January 28, 2026 09:48

fix code review

034ce7a

fix auto cirunner unittest

bc097af

Conversation

kwenzh commented Jan 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What is the purpose of the change

Verifying this change

Documentation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

martin-g Jan 27, 2026

Choose a reason for hiding this comment

Uh oh!

kwenzh Jan 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

kwenzh Jan 28, 2026

Choose a reason for hiding this comment

Uh oh!

martin-g Jan 27, 2026

Choose a reason for hiding this comment

Uh oh!

kwenzh Jan 28, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

fabiocfabini commented Apr 14, 2026

Uh oh!

fabiocfabini commented Apr 14, 2026

Uh oh!

martin-g commented Apr 15, 2026

Uh oh!

kwenzh commented Apr 15, 2026

Uh oh!

fabiocfabini commented Apr 15, 2026

Uh oh!

fabiocfabini commented Apr 15, 2026

Uh oh!

martin-g commented Apr 15, 2026

Uh oh!

kwenzh commented Apr 16, 2026

Uh oh!

fabiocfabini commented Apr 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

kwenzh commented Jan 27, 2026 •

edited

Loading

kwenzh Jan 28, 2026 •

edited

Loading