wjones127 commented on PR #34668: URL: https://github.com/apache/arrow/pull/34668#issuecomment-1480178540
@mapleFU > Would you mind providing me the input file or test case? Or where does this segfault? I think the program would be prevent from fatal in somewhere You are right it didn't actually crash, it just caused a buffer overflow, which tripped the sanitizers. This was discovered in our fuzzing CI. Thanks for providing the test. It doesn't actually trigger the codepath for `len <= 0` since there is the header for the encoded lengths present: ``` "\x80\U00000001\U00000004\0\0" ``` That does make me wonder whether we should reject an empty buffer as corrupt (missing required header?). But also just loading no values makes sense too. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
