[ARROW-6270] [C++][Fuzzing] IPC reads do not check buffer indices - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.15.0
Component/s: C++
Labels:
- fuzzer
- pull-request-available

External issue URL:
https://github.com/apache/arrow/issues/22654

Description

The attached crash was found by arrow-ipc-fuzzing-test and indicates that the IPC reader is not checking the flatbuffer encoded buffers for length and can produce out-of-bounds-reads.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

crash-bd7e00178af2d236fdf041fcc1fb30975bf8fbca
16/Aug/19 11:57
0.5 kB
Marco Neumann

Issue Links

links to

GitHub Pull Request #5105

Activity

People

Assignee:: Marco Neumann

Reporter:: Marco Neumann

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Aug/19 11:57

Updated:: 11/Jan/23 07:46

Resolved:: 17/Aug/19 20:27

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

50m