jackylk opened a new pull request, #4367:
URL: https://github.com/apache/carbondata/pull/4367
### Why is this PR needed?
There is a security issue reported by the Apache Security Team. Calling
Snappy.uncompress without length validation is subject to attack.
### What changes were proposed in this PR?
Add length validation before calling Snappy, modified all places in
carbondata-core SnappyCompressor
### Does this PR introduce any user interface change?
- No
### Is any new testcase added?
- No
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@carbondata.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
