lriggs opened a new pull request, #49780: URL: https://github.com/apache/arrow/pull/49780
### Rationale for this change Fixes security related problems found in gdv_hash_using_openssl. Those problems were not deemed to be a security risk. ### What changes are included in this PR? **[hash_utils.h:41, hash_utils.cc:66]** Removed GANDIVA_EXPORT from gdv_hash_using_openssl — it's an internal helper, not part of the public API. **[hash_utils.cc:105]** Changed && → || in the validation condition. The original only errored when both checks failed; now it errors when either result_length != hash_digest_size or result_buf_size != (2 * hash_digest_size). **[hash_utils.cc:135]** Fixed snprintf buffer size, so it correctly accounts for the already-written bytes and prevents potential out-of-bounds writes. Allocate result_buf_size + 1 bytes — the extra byte absorbs the final null terminator. Pass result_buf_size - result_buff_index + 1 to snprintf — reflects the actual remaining space (2 hex chars + 1 null = 3 bytes on the last call), preventing any potential overflow if the format ever changed. ### Are these changes tested? Yes, unit tests. ### Are there any user-facing changes? No. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
