adamreeve commented on code in PR #43413:
URL: https://github.com/apache/arrow/pull/43413#discussion_r1722949077
##########
cpp/src/parquet/encryption/encryption_internal.cc:
##########
@@ -597,16 +617,27 @@ int AesDecryptor::AesDecryptorImpl::GcmDecrypt(span<const
uint8_t> ciphertext,
}
// Setting additional authenticated data
+ if (aad.size() > static_cast<size_t>(std::numeric_limits<int>::max())) {
+ std::stringstream ss;
+ ss << "AAD size " << aad.size() << " overflows int";
+ throw ParquetException(ss.str());
+ }
if ((!aad.empty()) && (1 != EVP_DecryptUpdate(ctx_, nullptr, &len,
aad.data(),
static_cast<int>(aad.size())))) {
throw ParquetException("Couldn't set AAD");
}
// Decryption
- if (!EVP_DecryptUpdate(
- ctx_, plaintext.data(), &len,
- ciphertext.data() + length_buffer_length_ + kNonceLength,
- ciphertext_len - length_buffer_length_ - kNonceLength -
kGcmTagLength)) {
+ int32_t decryption_length =
+ ciphertext_len - length_buffer_length_ - kNonceLength - kGcmTagLength;
+ if (decryption_length > std::numeric_limits<int>::max()) {
Review Comment:
Yeah the intention was to handle platforms with 16 bit ints, but you're
right, this isn't needed. This should get compiled away when optimizations are
enabled at least, but I'll remove it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
