hi Adam, Can you please send the security issue to priv...@arrow.apache.org (this is a moderated non-public list) and we can discuss there.
Thanks, Wes On Wed, Dec 18, 2019 at 10:43 AM Adam Hooper <a...@adamhooper.com> wrote: > > My project parses Arrow files produced by untrusted code. > > It looks to me like the "validate" function should help me avoid undefined > behavior given an invalid Arrow file. I found a bug in the function: even > after validation, an invalid Arrow file can trigger undefined behavior. > > Is security a goal of the Arrow project/format? If so, how shall I report > this bug without endangering other users in my situation? > > Enjoy life, > Adam > > -- > Adam Hooper > +1-514-882-9694 > http://adamhooper.com
