Copilot commented on code in PR #3854:
URL: https://github.com/apache/avro/pull/3854#discussion_r3567429567
##########
lang/c++/impl/DataFile.cc:
##########
@@ -627,12 +679,25 @@ void DataFileReaderBase::readDataBlock() {
const uint8_t *data;
size_t len;
+ const size_t maxLength = maxDecompressLength();
while (ret != Z_STREAM_END && st->next(&data, &len)) {
zs.avail_in = static_cast<uInt>(len);
zs.next_in = const_cast<Bytef *>(data);
do {
if (zs.total_out == uncompressed.size()) {
- uncompressed.resize(uncompressed.size() +
zlibBufGrowSize);
+ // Reject a block that decompresses to more than the
+ // allowed maximum, before growing the buffer further.
+ if (uncompressed.size() >= maxLength) {
+ (void) inflateEnd(&zs);
+ throw Exception(
+ "Decompressed block size exceeds the maximum
allowed of {} bytes",
+ maxLength);
Review Comment:
In the deflate decompression-limit path, the exception message doesn’t
include any size information (unlike Snappy/Zstd), which makes it harder to
diagnose/log when the limit is hit. Consider reporting at least the amount
already decompressed when the limit is reached.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]