etseidl commented on PR #9868: URL: https://github.com/apache/arrow-rs/pull/9868#issuecomment-4362217619
> I've filed #9874 as the umbrella for both this immediate fix and the broader thrift-parser hardening you mentioned. PR description here is updated to reference it. Thank you 🙏
>
> Happy to do further fuzzing passes against specific suspected hotspots in `parquet_thrift` if you have particular spots in mind — otherwise I'll do a sweep of remaining `with_capacity`/`reserve` call sites on attacker-controlled paths and either fold those into this PR or file follow-ups under #9874, whichever you prefer.

Let's see how this one plays out, then decide how to proceed. I want to be surgical with these changes so we don't kill performance for the majority of files that are well formed.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
