pitrou opened a new pull request, #49897: URL: https://github.com/apache/arrow/pull/49897
### Rationale for this change IO methods like `ReadAt` can return less bytes than asked for if the file is too short, but the IPC reader doesn't always detect for this situation. On invalid IPC files, this can produce issues down the road such as half-initialized buffers and large processing times (with a potential denial of service). This issue was detected by OSS-Fuzz: https://issues.oss-fuzz.com/issues/489758017 ### What changes are included in this PR? 1. Add `ReadAt` and `ReadAsync` overloads that accept a `bool allow_short_read` argument 2. Pass `allow_short_read = false` in all suitable places in IPC and Parquet readers ### Are these changes tested? Yes, by existing tests and new fuzz regression file. ### Are there any user-facing changes? No, except potentially better detection of invalid IPC streams and files. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
