From 637d8d0f09de6a686461a447eebb4e59541e1276 Mon Sep 17 00:00:00 2001
From: avogar <pav.cruglov@yandex.ru>
Date: Mon, 13 Mar 2023 18:52:29 +0000
Subject: [PATCH 1/2] Fix BSONEachRow parallel parsing when document size is
 invalid

---
 src/Processors/Formats/Impl/BSONEachRowRowInputFormat.cpp      | 3 +++
 .../0_stateless/02589_bson_invalid_document_size.reference     | 0
 tests/queries/0_stateless/02589_bson_invalid_document_size.sql | 2 ++
 3 files changed, 5 insertions(+)
 create mode 100644 tests/queries/0_stateless/02589_bson_invalid_document_size.reference
 create mode 100644 tests/queries/0_stateless/02589_bson_invalid_document_size.sql

diff --git a/src/Processors/Formats/Impl/BSONEachRowRowInputFormat.cpp b/src/Processors/Formats/Impl/BSONEachRowRowInputFormat.cpp
index 02fe58094ae..f2db53c707e 100644
--- a/src/Processors/Formats/Impl/BSONEachRowRowInputFormat.cpp
+++ b/src/Processors/Formats/Impl/BSONEachRowRowInputFormat.cpp
@@ -999,6 +999,9 @@ fileSegmentationEngineBSONEachRow(ReadBuffer & in, DB::Memory<> & memory, size_t
                 "the value setting 'min_chunk_bytes_for_parallel_parsing' or check your data manually, most likely BSON is malformed",
                 min_bytes, document_size);
 
+        if (document_size < sizeof(document_size))
+            throw ParsingException(ErrorCodes::INCORRECT_DATA, "Size of BSON document is invalid");
+
         size_t old_size = memory.size();
         memory.resize(old_size + document_size);
         memcpy(memory.data() + old_size, reinterpret_cast<char *>(&document_size), sizeof(document_size));
diff --git a/tests/queries/0_stateless/02589_bson_invalid_document_size.reference b/tests/queries/0_stateless/02589_bson_invalid_document_size.reference
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/tests/queries/0_stateless/02589_bson_invalid_document_size.sql b/tests/queries/0_stateless/02589_bson_invalid_document_size.sql
new file mode 100644
index 00000000000..f5bd46cc0b2
--- /dev/null
+++ b/tests/queries/0_stateless/02589_bson_invalid_document_size.sql
@@ -0,0 +1,2 @@
+select * from format(BSONEachRow, 'x UInt32', x'00000000'); -- {serverError INCORRECT_DATA}
+

From a200ad9b991e14e5f70e4040e0442a902ff0627a Mon Sep 17 00:00:00 2001
From: Kruglov Pavel <48961922+Avogar@users.noreply.github.com>
Date: Wed, 15 Mar 2023 12:20:14 +0100
Subject: [PATCH 2/2] Fix test flakiness

---
 tests/queries/0_stateless/02589_bson_invalid_document_size.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/queries/0_stateless/02589_bson_invalid_document_size.sql b/tests/queries/0_stateless/02589_bson_invalid_document_size.sql
index f5bd46cc0b2..d7be783e513 100644
--- a/tests/queries/0_stateless/02589_bson_invalid_document_size.sql
+++ b/tests/queries/0_stateless/02589_bson_invalid_document_size.sql
@@ -1,2 +1,2 @@
+set input_format_parallel_parsing=1;
 select * from format(BSONEachRow, 'x UInt32', x'00000000'); -- {serverError INCORRECT_DATA}
-