miniex opened a new pull request, #10237: URL: https://github.com/apache/arrow-rs/pull/10237
# Which issue does this PR close?

- Closes #10234
- Closes #10235

# Rationale for this change

The Avro OCF reader trusts two length fields straight from the input, so a small crafted file can take down a process that parses untrusted Avro. A block size of `i64::MAX` reaches `Vec::reserve` before any payload is read and aborts the process on a huge allocation (#10234). A block count of `i64::MAX` spins the array/map item loop forever for a zero-byte item type like `null`, and `i64::MIN` overflows the negative-count negation (#10235).

# What changes are included in this PR?

- `block.rs`: reserve only what the current input buffer backs, and let the rest grow as data arrives.
- `record.rs`: reject a block item count larger than the bytes left to decode, and take the negative-count magnitude with `unsigned_abs`.
- `cursor.rs`: add `AvroCursor::remaining()`, used by that bound.

A count past the remaining bytes can only describe items that are not there. Items that read input each need at least one byte, so only the zero-byte case is rejected and valid blocks keep working.

# Are these changes tested?

Yes. The new tests hang or abort before this change and pass after. In `reader::block`, an `i64::MAX` block size stays bounded instead of aborting, a negative size errors, and a well-formed block still round-trips. In `reader::record`, `i64::MAX` and `i64::MIN` block counts on an `array<null>` now error instead of spinning the item loop. `fmt --check` and `clippy` are clean.

# Are there any user-facing changes?

Malformed Avro OCF input that used to abort or hang now returns a clean `AvroError`. There are no public API changes.

---

I'm Korean, so sorry if any wording reads a little awkward.
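The two bounds described in this pull request, sketched as an added example that is not the code from the arrow-rs change. All function names here are hypothetical, and the block-count check is simplified to a plain comparison against the bytes that follow the count.

```rust
// Added illustration; these function names are hypothetical, not arrow-avro APIs.

/// Decode one Avro `long` (zig-zag varint) from `buf`, advancing `pos`.
fn read_long(buf: &[u8], pos: &mut usize) -> Result<i64, String> {
    let mut value: u64 = 0;
    for shift in (0..64).step_by(7) {
        let byte = *buf.get(*pos).ok_or("unexpected end of input")?;
        *pos += 1;
        value |= u64::from(byte & 0x7f) << shift;
        if byte & 0x80 == 0 {
            return Ok((value >> 1) as i64 ^ -((value & 1) as i64));
        }
    }
    Err("varint longer than 10 bytes".into())
}

/// Item count of an array/map block, bounded by the bytes left to decode.
/// (A negative count is also followed by a byte-size long, not handled here.)
fn checked_item_count(raw: i64, remaining: usize) -> Result<usize, String> {
    // `-raw` overflows for i64::MIN; `unsigned_abs` is defined for every i64.
    let count = raw.unsigned_abs();
    if count > remaining as u64 {
        return Err(format!("block count {} exceeds {} remaining bytes", count, remaining));
    }
    Ok(count as usize)
}

/// Read a block count from `input` and validate it against what follows it.
fn block_item_count(input: &[u8]) -> Result<usize, String> {
    let mut pos = 0;
    let raw = read_long(input, &mut pos)?;
    checked_item_count(raw, input.len() - pos)
}

/// Capacity to reserve up front for a block that declares `declared` bytes
/// when only `buffered` bytes have arrived; the Vec grows as more data comes.
fn initial_reserve(declared: i64, buffered: usize) -> Result<usize, String> {
    let declared = usize::try_from(declared).map_err(|_| "block size out of range".to_string())?;
    Ok(declared.min(buffered))
}

fn main() {
    // Constructed inputs: zig-zag varints for i64::MAX and for 2, then payload bytes.
    let huge: [u8; 10] = [0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01];
    println!("{:?}", block_item_count(&huge));
    println!("{:?}", block_item_count(&[0x04, 0x02, 0x04]));
    println!("{:?}", initial_reserve(i64::MAX, 4096));
}
```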
