iemejia commented on code in PR #3854:
URL: https://github.com/apache/avro/pull/3854#discussion_r3567467872
##########
lang/c++/impl/DataFile.cc:
##########
@@ -627,12 +679,25 @@ void DataFileReaderBase::readDataBlock() {
const uint8_t *data;
size_t len;
+ const size_t maxLength = maxDecompressLength();
while (ret != Z_STREAM_END && st->next(&data, &len)) {
zs.avail_in = static_cast<uInt>(len);
zs.next_in = const_cast<Bytef *>(data);
do {
if (zs.total_out == uncompressed.size()) {
- uncompressed.resize(uncompressed.size() +
zlibBufGrowSize);
+ // Reject a block that decompresses to more than the
+ // allowed maximum, before growing the buffer further.
+ if (uncompressed.size() >= maxLength) {
+ (void) inflateEnd(&zs);
+ throw Exception(
+ "Decompressed block size exceeds the maximum
allowed of {} bytes",
+ maxLength);
Review Comment:
This was addressed in commit 432b7856c5 — the deflate over-limit exception
now reports the would-be size (`uncompressed.size() + 1`, i.e. at least
maxLength + 1) alongside the limit: 'Decompressed block size {} exceeds the
maximum allowed of {} bytes', consistent with the snappy/zstd errors.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]