[
https://issues.apache.org/jira/browse/ARROW-2222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412670#comment-16412670
]
ASF GitHub Bot commented on ARROW-2222:
---------------------------------------
crepererum commented on issue #1763: ARROW-2222: handle untrusted inputs (POC)
URL: https://github.com/apache/arrow/pull/1763#issuecomment-375901434
OK, I'll provide a comparison later.
BTW: fuzzing just got easier w/ llvm/clang 6.0. Since the fuzzer is now
officially a part of compiler-rt, it is likely that it's included in many
distributions / packages by default. For example. Arch bundles a
feature-complete compiler-rt, so no additional preparation is required to get
fuzzers working (just tested it).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> [C++] Add option to validate Flatbuffers messages
> -------------------------------------------------
>
> Key: ARROW-2222
> URL: https://issues.apache.org/jira/browse/ARROW-2222
> Project: Apache Arrow
> Issue Type: Improvement
> Components: C++
> Reporter: Wes McKinney
> Assignee: Marco Neumann
> Priority: Major
> Labels: pull-request-available
>
> This is follow up work to ARROW-1589, ARROW-2023, and can be validated by the
> {{ipc-fuzzer-test}}. Users receiving untrusted input streams can prevent
> segfaults this way
> As part of this, we should quantify the overhead associated with message
> validation in regular use
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
