My project parses Arrow files produced by untrusted code. It looks to me like the "validate" function should help me avoid undefined behavior given an invalid Arrow file. I found a bug in the function: even after validation, an invalid Arrow file can trigger undefined behavior.
Is security a goal of the Arrow project/format? If so, how shall I report this bug without endangering other users in my situation? Enjoy life, Adam -- Adam Hooper +1-514-882-9694 http://adamhooper.com
