ksj1230 opened a new issue, #9897: URL: https://github.com/apache/arrow-rs/issues/9897
## Description This issue was previously reported privately and is now being disclosed following coordination with maintainers. `BufferBuilder::reserve()` computes `self.len + additional` without overflow checking. When the sum wraps, the capacity check may pass without reallocation, leading to an inconsistent internal state. This can result in a potential out-of-bounds write via safe Rust APIs. `append_n_zeroed()` and `advance()` are also affected, as both call `reserve()` through `extend_zeros()`. ## Fix See PR #9820 Reported by Sungjin Kim (@ksj1230) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
