dongjoon-hyun opened a new pull request, #2672: URL: https://github.com/apache/orc/pull/2672
### What changes were proposed in this pull request? This PR validates the PostScript tail lengths in `ReaderImpl.extractFileTail` before they are cast from `long` to `int`, throwing `FileFormatException` when `footerLength`, `metadataLength`, `stripeStatisticsLength`, or their sum is negative or exceeds the file length / `Integer.MAX_VALUE`. It is the Java counterpart of the C++ overflow checks in ORC-2167. ### Why are the changes needed? These fields are protobuf `uint64` read as Java `long`. A malformed value near `UINT64_MAX` or above 2GB would truncate/overflow on the `int` cast into a bogus offset or allocation size instead of a clear error. Per the ORC threat model this is a fail-fast robustness fix, not a CVE. ### How was this patch tested? Added `TestReaderImpl.testMalformedTailLengthOverflow`, which crafts files with tail lengths of `2^31`, `2^32`, and `UINT64_MAX` and asserts `OrcFile.createReader` throws `FileFormatException`. ### Was this patch authored or co-authored using generative AI tooling? Generated-by: Claude Fable 5 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
