You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@arrow.apache.org by "wjones127 (via GitHub)" <gi...@apache.org> on 2023/03/22 19:55:16 UTC

[GitHub] [arrow] wjones127 commented on pull request #34668: GH-34667: [C++][Parquet] Test DeltaLengthByteArrayDecoder with invalid inputs

wjones127 commented on PR #34668:
URL: https://github.com/apache/arrow/pull/34668#issuecomment-1480178540

   @mapleFU 
   > Would you mind providing me the input file or test case? Or where does this segfault? I think the program would be prevent from fatal in somewhere
   
   You are right it didn't actually crash, it just caused a buffer overflow, which tripped the sanitizers. This was discovered in our fuzzing CI.
   
   Thanks for providing the test. It doesn't actually trigger the codepath for `len <= 0` since there is the header for the encoded lengths present:
   
   ```
   "\x80\U00000001\U00000004\0\0"
   ```
   
   That does make me wonder whether we should reject an empty buffer as corrupt (missing required header?). But also just loading no values makes sense too.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org