metsw24-max opened a new pull request, #50068: URL: https://github.com/apache/arrow/pull/50068
`ReaderV1::LoadValues` reads `total_bytes` for a column, then slices null-bitmap/offsets/values sub-buffers using sizes from `meta->length()`, which the footer flatbuffer supplies independently and unverified. A length larger than the data buffer makes the plain `SliceBuffer` calls run past the buffer (and the final `buffer->size() - offset` underflow), so the array is read out of bounds when consumed. Reachable from `feather::Reader::Open` on any Feather V1 file. Reject negative length/null_count and switch the three slices to `SliceBufferSafe`. * GitHub Issue: #50067 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
