You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug, including details regarding any error messages, version, and platform.
Variadic buffer count is stored as int64 and is used to presize vectors when reading IPC. These aren't validated for representability in a positive int32, which led to some fuzzer failures.
Component(s)
C++
The text was updated successfully, but these errors were encountered:
### Rationale for this change
Invalid variadic buffer counts can cause allocating storage for variadic buffers to fail.
### What changes are included in this PR?
Check variadic buffer counts are valid before they are used as an allocator argument.
### Are these changes tested?
They pass with the fuzzer testcase.
### Are there any user-facing changes?
No
* Closes: #38738
Lead-authored-by: Benjamin Kietzman <bengilgit@gmail.com>
Co-authored-by: Antoine Pitrou <pitrou@free.fr>
Signed-off-by: Benjamin Kietzman <bengilgit@gmail.com>
…38740)
### Rationale for this change
Invalid variadic buffer counts can cause allocating storage for variadic buffers to fail.
### What changes are included in this PR?
Check variadic buffer counts are valid before they are used as an allocator argument.
### Are these changes tested?
They pass with the fuzzer testcase.
### Are there any user-facing changes?
No
* Closes: apache#38738
Lead-authored-by: Benjamin Kietzman <bengilgit@gmail.com>
Co-authored-by: Antoine Pitrou <pitrou@free.fr>
Signed-off-by: Benjamin Kietzman <bengilgit@gmail.com>
Describe the bug, including details regarding any error messages, version, and platform.
Variadic buffer count is stored as int64 and is used to presize vectors when reading IPC. These aren't validated for representability in a positive int32, which led to some fuzzer failures.
Component(s)
C++
The text was updated successfully, but these errors were encountered: