Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[C++] Improve flatbuffers verification limits #27430

Closed
asfimport opened this issue Feb 8, 2021 · 1 comment
Closed

[C++] Improve flatbuffers verification limits #27430

asfimport opened this issue Feb 8, 2021 · 1 comment
Assignees
@pitrou
Labels
Component: C++ Type: enhancement
Milestone
4.0.0

Comments

@asfimport
Copy link
Collaborator

asfimport commented Feb 8, 2021
edited
Loading

See discussion in #9349 (comment) :

Flatbuffers is able to encode a virtually unbounded of schema fields in a small buffer size. Verifying that many fields with the Flatbuffers verifier seems to result in potentially unlimited verification times, which is a denial of service risk.

The way to mitigate this risk is to pass an appropriate max_tables and/or max_depth limit to the Flatbuffers verifier.

Reporter: Antoine Pitrou / @pitrou
Assignee: Antoine Pitrou / @pitrou

Related issues:

PRs and other links:

Note: This issue was originally created as ARROW-11559. Please see the migration documentation for further details.
@asfimport
Copy link
Collaborator Author

Micah Kornfield / @emkornfield:
Issue resolved by pull request 9447
#9447

@asfimport asfimport added this to the 4.0.0 milestone Jan 11, 2023
@asfimport asfimport mentioned this issue Jan 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pitrou pitrou

Labels
Component: C++ Type: enhancement
Projects
None yet
Milestone
4.0.0
Development

No branches or pull requests
2 participants
@pitrou @asfimport