Skip to content

GH-1206: validate decompressed length in Lz4CompressionCodec#1207

Merged
lidavidm merged 1 commit into
apache:mainfrom
Arawoof06:lz4-decompress-length-check
Jul 6, 2026
Merged

GH-1206: validate decompressed length in Lz4CompressionCodec#1207
lidavidm merged 1 commit into
apache:mainfrom
Arawoof06:lz4-decompress-length-check

Conversation

@Arawoof06

Copy link
Copy Markdown
Contributor

What's Changed

Lz4CompressionCodec.doDecompress sizes the output buffer to the bytes it actually decompressed, but sets writerIndex to the length taken from the untrusted 8-byte prefix. A buffer whose prefix claims more than the real output leaves the returned ArrowBuf with a writerIndex past its capacity, and consumers then read off-heap memory beyond the allocation. This adds the actual-vs-claimed length check the ZSTD codec already does, so a mismatch throws instead of producing an over-long buffer.

Closes #1206.

@github-actions

This comment has been minimized.

@lidavidm lidavidm added the bug-fix PRs that fix a big. label Jul 5, 2026
@github-actions github-actions Bot added this to the 20.0.0 milestone Jul 5, 2026
@lidavidm lidavidm merged commit 9e86331 into apache:main Jul 6, 2026
43 of 47 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug-fix PRs that fix a big.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Lz4CompressionCodec trusts the uncompressed-length prefix when decompressing

2 participants