Skip to content

GH-1206: validate decompressed length in Lz4CompressionCodec#1207

Open
Arawoof06 wants to merge 1 commit into
apache:mainfrom
Arawoof06:lz4-decompress-length-check
Open

GH-1206: validate decompressed length in Lz4CompressionCodec#1207
Arawoof06 wants to merge 1 commit into
apache:mainfrom
Arawoof06:lz4-decompress-length-check

Conversation

@Arawoof06

Copy link
Copy Markdown

What's Changed

Lz4CompressionCodec.doDecompress sizes the output buffer to the bytes it actually decompressed, but sets writerIndex to the length taken from the untrusted 8-byte prefix. A buffer whose prefix claims more than the real output leaves the returned ArrowBuf with a writerIndex past its capacity, and consumers then read off-heap memory beyond the allocation. This adds the actual-vs-claimed length check the ZSTD codec already does, so a mismatch throws instead of producing an over-long buffer.

Closes #1206.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Thank you for opening a pull request!

Please label the PR with one or more of:

  • bug-fix
  • chore
  • dependencies
  • documentation
  • enhancement

Also, add the 'breaking-change' label if appropriate.

See CONTRIBUTING.md for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Lz4CompressionCodec trusts the uncompressed-length prefix when decompressing

1 participant