dongjoon-hyun opened a new pull request, #2672:
URL: https://github.com/apache/orc/pull/2672

   ### What changes were proposed in this pull request?
   
   This PR validates the PostScript tail lengths in 
`ReaderImpl.extractFileTail` before they are cast
   from `long` to `int`, throwing `FileFormatException` when `footerLength`, 
`metadataLength`,
   `stripeStatisticsLength`, or their sum is negative or exceeds the file 
length / `Integer.MAX_VALUE`.
   It is the Java counterpart of the C++ overflow checks in ORC-2167.
   
   ### Why are the changes needed?
   
   These fields are protobuf `uint64` read as Java `long`. A malformed value 
near `UINT64_MAX` or above
   2GB would truncate/overflow on the `int` cast into a bogus offset or 
allocation size instead of a
   clear error. Per the ORC threat model this is a fail-fast robustness fix, 
not a CVE.
   
   ### How was this patch tested?
   
   Added `TestReaderImpl.testMalformedTailLengthOverflow`, which crafts files 
with tail lengths of
   `2^31`, `2^32`, and `UINT64_MAX` and asserts `OrcFile.createReader` throws 
`FileFormatException`.
   
   ### Was this patch authored or co-authored using generative AI tooling?
   
   Generated-by: Claude Fable 5


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to