dongjoon-hyun opened a new pull request, #2673: URL: https://github.com/apache/orc/pull/2673
### What changes were proposed in this pull request? This PR adds validation to `StringDirectColumnReader::computeSize` in the C++ reader so a negative or overflowing string length throws `ParseError` before any blob is allocated. Both callers (`next` and `skip`) are covered, and since `buildReader` routes all direct-encoded string-family types to this reader, the single guard protects `BINARY`/`CHAR`/`STRING`/`VARCHAR`/`GEOMETRY`/`GEOGRAPHY`. ### Why are the changes needed? The LENGTH stream is decoded as unsigned RLE, so a malformed file can encode a varint `>= 2^63` that becomes a negative `int64_t`. Cast to `size_t`, this triggers a huge `blob.resize()` and an out-of-bounds pointer walk. This restores parity with the Java reader, which already guards this path in `BytesColumnVectorUtil.commonReadByteArrays`. ### How was this patch tested? Added `TestColumnReader.testStringDirectNegativeLength`, which feeds a crafted LENGTH stream decoding to `INT64_MIN` and asserts `ParseError` is thrown. ### Was this patch authored or co-authored using generative AI tooling? Generated-by: Claude Fable 5 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
