wombatu-kun commented on code in PR #16500:
URL: https://github.com/apache/iceberg/pull/16500#discussion_r3338249294


##########
core/src/main/java/org/apache/iceberg/DVUtil.java:
##########
@@ -64,6 +65,35 @@ static PositionDeleteIndex readDV(DeleteFile deleteFile, 
FileIO fileIO) {
     }
   }
 
+  /**
+   * Validates that the deletion-vector offset and length on a {@link 
DeleteFile} are well-formed
+   * before they are consumed by a reader. Hostile or corrupted manifest 
metadata may otherwise
+   * trigger a {@link NegativeArraySizeException}, an invalid seek, or a 
multi-gigabyte allocation
+   * when the DV blob is read.
+   */
+  public static void validateDV(DeleteFile dv) {
+    Preconditions.checkArgument(

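Review bot: the Javadoc on the new method lists the failure modes it prevents (NegativeArraySizeException, invalid seek, oversized allocation) but not the contract a caller gets, so add a `@throws IllegalArgumentException` tag (that is what `Preconditions.checkArgument` throws) and state the bounds being enforced on offset and length in the summary line, so readers of `validateDV` do not have to open the body to learn what "well-formed" means. Separately, the Javadoc promises protection against an "invalid seek", but per-field checks on offset and length alone do not rule out `offset + length` overflowing or running past the end of the referenced file; if the file size is available here, consider an extra check on that sum, otherwise narrow the Javadoc to what the per-field checks actually guarantee.
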
Review Comment:
   Left the five checks inline - each carries a distinct message (offset vs 
length, null vs negative vs 2GB) and they run through the public validateDV, so 
factoring wouldn't reduce the test surface. Happy to revisit if others prefer 
the split.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
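The reply above describes five inline checks (offset and length, each tested for null and negative, plus a 2 GB bound on length) whose purpose the Javadoc in the hunk explains. The program below is an added example, not Iceberg's DVUtil and not code from this PR: it shows one plausible shape of those checks beside the unguarded read they protect, using plain `IllegalArgumentException` throws instead of Guava's `Preconditions`. The nested `DvFile` interface, its accessor names `contentOffset()`/`contentSizeInBytes()`, the check messages and the sample paths are all assumptions made for the illustration.

```java
import java.util.Locale;

public class DvValidationExample {

  /** Hypothetical stand-in for the two DeleteFile accessors this example needs (assumed names, not Iceberg's API). */
  interface DvFile {
    String path();
    Long contentOffset();
    Long contentSizeInBytes();
  }

  /** Upper bound on a DV blob that a reader can hold in a single Java byte[]. */
  static final long MAX_DV_BYTES = Integer.MAX_VALUE;

  /**
   * Rejects malformed DV metadata before any I/O happens. The five checks are kept
   * separate so each failure reports which field is wrong and in which way.
   */
  static void validateDV(DvFile dv) {
    Long offset = dv.contentOffset();
    Long length = dv.contentSizeInBytes();
    if (offset == null) {
      throw new IllegalArgumentException("Invalid DV, missing content offset: " + dv.path());
    }
    if (offset < 0) {
      throw new IllegalArgumentException(
          String.format(Locale.ROOT, "Invalid DV, negative content offset %d: %s", offset, dv.path()));
    }
    if (length == null) {
      throw new IllegalArgumentException("Invalid DV, missing content size: " + dv.path());
    }
    if (length < 0) {
      throw new IllegalArgumentException(
          String.format(Locale.ROOT, "Invalid DV, negative content size %d: %s", length, dv.path()));
    }
    if (length > MAX_DV_BYTES) {
      throw new IllegalArgumentException(
          String.format(Locale.ROOT, "Invalid DV, content size %d exceeds %d bytes: %s",
              length, MAX_DV_BYTES, dv.path()));
    }
  }

  /**
   * What an unguarded reader does with the same metadata: it sizes its buffer straight
   * from the manifest. A negative size throws NegativeArraySizeException, and a size
   * above 2 GiB silently wraps when narrowed to int, so the buffer is the wrong size.
   */
  static byte[] unguardedBuffer(DvFile dv) {
    return new byte[(int) (long) dv.contentSizeInBytes()];
  }

  /** Constructed sample DV entries; the paths are illustrative, nothing is read from storage. */
  static DvFile dv(String path, Long offset, Long length) {
    return new DvFile() {
      @Override public String path() { return path; }
      @Override public Long contentOffset() { return offset; }
      @Override public Long contentSizeInBytes() { return length; }
    };
  }

  public static void main(String[] args) {
    DvFile good = dv("s3://bucket/data/dv-0001.puffin", 128L, 4096L);
    validateDV(good);
    System.out.println("good DV accepted, buffer of " + unguardedBuffer(good).length + " bytes");

    // Hostile manifest entry: negative length. The unguarded path blows up inside the
    // reader; the validated path fails early with a message that names the field.
    DvFile negative = dv("s3://bucket/data/dv-0002.puffin", 128L, -1L);
    try {
      unguardedBuffer(negative);
    } catch (NegativeArraySizeException e) {
      System.out.println("unguarded reader: " + e);
    }
    try {
      validateDV(negative);
    } catch (IllegalArgumentException e) {
      System.out.println("validateDV: " + e.getMessage());
    }

    // Oversized entry: 3 GiB cannot be held in one byte[] and is rejected up front.
    DvFile oversized = dv("s3://bucket/data/dv-0003.puffin", 0L, 3L * 1024 * 1024 * 1024);
    try {
      validateDV(oversized);
    } catch (IllegalArgumentException e) {
      System.out.println("validateDV: " + e.getMessage());
    }
  }
}
```

Run with `java DvValidationExample.java`. The point of keeping the null, negative and size checks separate, as the reply argues, is that each rejection message identifies both the field and the kind of corruption, which is what an operator debugging a bad manifest actually needs.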
