steveloughran commented on issue #16455: URL: https://github.com/apache/iceberg/issues/16455#issuecomment-4506898242
The only marginal security issue is that OOM on multiplication overflow could affect other workers; the others are just "bad data fails differently from expected", and the checks just bring failure forward. parquet C++ probably needs the most auditing here, as parquet rs has great validation in.

@rdblue see also (and please help review!)
* parquet-java hardening with tests https://github.com/apache/parquet-java/pull/3562
* reference malformed test data for parquet-testing: https://github.com/apache/parquet-testing/pull/113

One purely subjective issue (as raised on parquet dev list) is what is a good depth limit? I went with 500 to match that of the json parser.
