Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhance sanity check on Parquet metadata #6228

Open
jp0317 opened this issue Aug 12, 2024 · 1 comment
Open

Enhance sanity check on Parquet metadata #6228

jp0317 opened this issue Aug 12, 2024 · 1 comment
Labels
enhancement Any new improvement worthy of a entry in the changelog

Comments

@jp0317
Copy link
Contributor

jp0317 commented Aug 12, 2024

Describe the bug
It seems the current codes lack sanity checks on metadata, making it vulnerable to corrupted files. The following gives a few example:

  1. There are a bunch of i32 as u32 without checking if the i32 is negative. Unfortunately these u32 may be used to guide buffer allocations (e.g., here) when reading data.

  2. The read_records does not validate the levels_read from read_rep_levels. A corrupted file may cause the read_rep_levels return 0, which could lead to infinite loop,

To Reproduce

Using the read_parquet example to read the two bad files from here. Reading bad-dict-page-header.parquet may give an EOF error but internally the library already has called a Vec::reserve(N) where N is from a negative i32. Reading bad-levels.parquet would simply stuck in infinite loop.

Expected behavior
Examine the metadata and return proper errors

Additional context

@jp0317 jp0317 added the bug label Aug 12, 2024
@tustvold tustvold added enhancement Any new improvement worthy of a entry in the changelog and removed bug labels Aug 12, 2024
@alamb
Copy link
Contributor

alamb commented Jan 6, 2025

Given we have merged several relevant PRs I think we should close this ticket. What do you think @jp0317 ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Any new improvement worthy of a entry in the changelog
Projects
None yet
Development

No branches or pull requests

3 participants