Copilot commented on code in PR #3851:
URL: https://github.com/apache/avro/pull/3851#discussion_r3567377715
##########
lang/ruby/lib/avro/data_file.rb:
##########
@@ -339,6 +372,18 @@ def codec_name; 'snappy'; end
def decompress(data)
load_snappy!
+ # The Snappy block header declares the uncompressed length as a varint;
+ # reject an over-large block before allocating for it.
+ limit = DataFile.max_decompress_length
+ declared = self.class.snappy_declared_length(data)
+ # Fail closed: a block whose length header cannot be parsed is
malformed
+ # and must not be handed to the decompressor with the guard bypassed.
+ if declared.nil?
+ raise DataFileError, "Snappy block has an unparseable length header"
+ end
+ if declared > limit
+ raise DecompressionSizeError, "Decompressed block size exceeds the
maximum allowed of #{limit} bytes"
+ end
crc32 = data.slice(-4..-1).unpack('N').first
uncompressed = Snappy.inflate(data.slice(0..-5))
Review Comment:
SnappyCodec#decompress assumes the buffer is at least 4 bytes long when
extracting the trailing CRC32. For malformed/truncated inputs shorter than 4
bytes, `data.slice(-4..-1)` can be nil, leading to an unhandled exception
(`NoMethodError` on `unpack`) instead of a controlled Avro error. Add a
short-buffer guard (or fall back to the legacy no-checksum path) before
attempting to read the checksum.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]