mapleFU commented on code in PR #47185:
URL: https://github.com/apache/arrow/pull/47185#discussion_r2296100339
##########
cpp/src/parquet/decoder.cc:
##########
@@ -207,6 +207,10 @@ struct ArrowBinaryHelper<FLBAType,
::arrow::FixedSizeBinaryType> {
Status AppendValue(const uint8_t* data, int32_t length,
std::optional<int64_t> estimated_remaining_data_length =
{}) {
+ if (ARROW_PREDICT_FALSE(length != acc_->byte_width())) {
Review Comment:
See https://github.com/apache/arrow/actions/runs/17131673477/job/48597348959
The fuzzer will generate random underlying data from seeds, and this caused
a heap buffer overflow when type mismatches. Maybe a boundary check on buffer
is more lightweight, which only prevent from heap buffer overflow.
Size check would enforce underlying data to be same sized. However it
introduce a size checking.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
