Description
This issue was previously reported privately and is now being disclosed following coordination with maintainers.
FixedSizeBinaryArray::value() performs offset calculations using truncating integer casts, which can lead to overflow and incorrect pointer offsets.
This can result in a potential out-of-bounds read via safe Rust APIs.
Fix
See PR #9850
Reported by Sungjin Kim (@ksj1230)
Description
This issue was previously reported privately and is now being disclosed following coordination with maintainers.
FixedSizeBinaryArray::value()performs offset calculations using truncating integer casts, which can lead to overflow and incorrect pointer offsets.This can result in a potential out-of-bounds read via safe Rust APIs.
Fix
See PR #9850
Reported by Sungjin Kim (@ksj1230)