jmestwa-coder opened a new issue, #50051: URL: https://github.com/apache/arrow/issues/50051
### Describe the bug, including details regarding any error messages, version, and platform. WKB parsing code in cpp/src/parquet/geospatial performs size computations using geometry counts read directly from externally supplied WKB input. On 32-bit targets such as wasm32, calculations of the form: count * sizeof(T) can overflow before remaining-buffer validation occurs. This may allow truncated bounds checks to succeed while subsequent parsing logic still attempts to process larger coordinate sequences. One identified instance is WKBBuffer::ReadCoords() in util_internal.cc, where the coordinate sequence byte size is derived from a WKB-provided coordinate count prior to validating the remaining buffer size. This issue tracks auditing and hardening similar overflow-before-bounds-check patterns in WKB parsing paths to ensure bounds validation remains correct across supported architectures. ### Component(s) Parquet, C++ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
