
GH-49477: [C++][Parquet] Fix multiplication overflow in PLAIN BYTE_ARRAY decoder #49478

Merged: pitrou merged 1 commit into apache:main from pitrou:gh49477-pq-mul-overflow on Mar 11, 2026


pitrou (Member) commented Mar 9, 2026

Rationale for this change

Issue found by OSS-Fuzz: https://issues.oss-fuzz.com/issues/489948953

Are these changes tested?

By added regression file.

Are there any user-facing changes?

No.

This PR contains a "Critical Fix". Signed integer overflow is undefined behavior, so this could result in any kind of misbehavior.
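What an overflow-checked size computation can look like in a decoder for this encoding, as an added example that is not code from this PR or from Arrow. The page does not show which operands were multiplied, so the `num_values * 4` pre-check and the names `CheckedMul` and `DecodePlainByteArray` are assumptions for illustration; `__builtin_mul_overflow` is a GCC/Clang builtin.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Multiply two non-negative sizes. Returns false instead of overflowing,
// since signed overflow in plain `a * b` is undefined behavior.
// __builtin_mul_overflow is a GCC/Clang builtin.
bool CheckedMul(int64_t a, int64_t b, int64_t* out) {
  if (a < 0 || b < 0) return false;
  return !__builtin_mul_overflow(a, b, out);
}

// Decode `num_values` PLAIN BYTE_ARRAY values: each one is a 4-byte
// little-endian length followed by that many bytes. Returns false on a
// truncated buffer, an out-of-range length, or an overflowing size check.
bool DecodePlainByteArray(const uint8_t* data, int64_t size, int64_t num_values,
                          std::vector<std::string>* out) {
  // Assumed pre-check (not taken from the PR): every value needs at least
  // its 4-byte prefix, so num_values * 4 must fit in the buffer.
  int64_t min_bytes = 0;
  if (!CheckedMul(num_values, 4, &min_bytes) || min_bytes > size) return false;
  out->clear();
  out->reserve(static_cast<size_t>(num_values));  // bounded by size / 4
  int64_t pos = 0;
  for (int64_t i = 0; i < num_values; ++i) {
    if (size - pos < 4) return false;  // truncated length prefix
    const uint32_t len = static_cast<uint32_t>(data[pos]) |
                         static_cast<uint32_t>(data[pos + 1]) << 8 |
                         static_cast<uint32_t>(data[pos + 2]) << 16 |
                         static_cast<uint32_t>(data[pos + 3]) << 24;
    pos += 4;
    // Compare against the remaining bytes; never compute pos + len first.
    if (static_cast<int64_t>(len) > size - pos) return false;
    out->emplace_back(reinterpret_cast<const char*>(data + pos), len);
    pos += len;
  }
  return true;
}
```

With an untrusted `num_values` near `INT64_MAX`, the unchecked product would overflow before any bounds test could reject the page; the checked form fails closed.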

pitrou force-pushed the gh49477-pq-mul-overflow branch from 5051ed0 to 122177c March 10, 2026 08:09
pitrou marked this pull request as ready for review March 10, 2026 08:11
pitrou marked this pull request as draft March 10, 2026 08:13

pitrou (Member, Author) commented Mar 10, 2026

#49451 will have to be merged before so that CI can pass.

pitrou force-pushed the gh49477-pq-mul-overflow branch from 122177c to 1d355a9 March 10, 2026 15:29
pitrou force-pushed the gh49477-pq-mul-overflow branch from 1d355a9 to ddfb3a0 March 10, 2026 15:30
pitrou marked this pull request as ready for review March 10, 2026 15:30

pitrou (Member, Author) commented Mar 10, 2026

@github-actions crossbow submit fuzz

pitrou added the "Critical Fix" label (Bugfixes for security vulnerabilities, crashes, or invalid data.) Mar 10, 2026

github-actions commented:

Revision: ddfb3a0

Submitted crossbow builds: ursacomputing/crossbow @ actions-7b0a04b78f

Task Status
test-build-cpp-fuzz GitHub Actions

github-actions bot added the "awaiting committer review" label and removed the "awaiting review" label Mar 11, 2026
pitrou merged commit 9b134ec into apache:main Mar 11, 2026
56 of 68 checks passed
pitrou removed the "awaiting committer review" label Mar 11, 2026
pitrou deleted the gh49477-pq-mul-overflow branch March 11, 2026 10:46

conbench-apache-arrow commented:

After merging your PR, Conbench analyzed the 3 benchmarking runs that have been run so far on merge-commit 9b134ec.

There were no benchmark performance regressions. 🎉

The full Conbench report has more details. It also includes information about 5 possible false positives for unstable benchmarks that are known to sometimes produce them.


Labels

Component: C++ Component: Parquet Critical Fix Bugfixes for security vulnerabilities, crashes, or invalid data.
