Apache Avro INT64_MIN Negation Overflow PoC

PoC files for an integer overflow vulnerability in the Apache Avro C library.

Files

  • int64min_block_count.avro — INT64_MIN as array block count → negation overflow → heap corruption
  • large_negative_count.avro — Large negative block count variant
  • huge_string_len.avro — INT64_MAX as string length → integer overflow in allocation

Root Cause

In src/value-read.c, consume-binary.c, and datum_skip.c, the following pattern appears:

if (block_count < 0) {
    block_count = block_count * -1;  // UB when INT64_MIN!
}

INT64_MIN * -1 overflows (signed overflow is undefined behavior in C), the result stays INT64_MIN, and the cast to size_t yields 9.2 quintillion iterations.
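
A hardened form of the block-count handling, as an added example (not code from Apache Avro or from this PoC). The function names, the sample byte arrays and the MAX_BLOCK_ITEMS cap are assumptions made for illustration; it decodes the zigzag varint, negates in unsigned arithmetic, and rejects counts above the cap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap for this example; a real reader would bound the count
 * by the bytes remaining in the input or by a configured limit. */
#define MAX_BLOCK_ITEMS ((uint64_t)1 << 24)

/* Constructed sample inputs: zigzag varints for INT64_MIN and for -3. */
static const uint8_t SAMPLE_INT64_MIN[] =
    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01};
static const uint8_t SAMPLE_MINUS_3[] = {0x05};

/* Decode one Avro long (zigzag varint). Returns bytes consumed, 0 on error. */
static size_t read_long(const uint8_t *buf, size_t len, int64_t *out)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < len && i < 10; i++) {
        acc |= (uint64_t)(buf[i] & 0x7f) << (7 * i);
        if (!(buf[i] & 0x80)) {
            /* Zigzag decode done in unsigned arithmetic. */
            *out = (int64_t)((acc >> 1) ^ (0 - (acc & 1)));
            return i + 1;
        }
    }
    return 0; /* truncated or over-long varint */
}

/* Item count for the block header at buf, or -1 if it must be rejected. */
static int64_t checked_items(const uint8_t *buf, size_t len)
{
    int64_t count;
    if (read_long(buf, len, &count) == 0)
        return -1;
    /* Negate in unsigned arithmetic: 0 - (uint64_t)INT64_MIN is 2^63 and
     * well defined, unlike the signed block_count * -1. */
    uint64_t n = count < 0 ? 0 - (uint64_t)count : (uint64_t)count;
    return n > MAX_BLOCK_ITEMS ? -1 : (int64_t)n;
}

int main(void)
{
    printf("INT64_MIN count -> %lld\n",
           (long long)checked_items(SAMPLE_INT64_MIN, sizeof SAMPLE_INT64_MIN));
    printf("-3 count        -> %lld\n",
           (long long)checked_items(SAMPLE_MINUS_3, sizeof SAMPLE_MINUS_3));
    return 0;
}
```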

Reproduce

git clone https://github.com/apache/avro && cd avro/lang/c
mkdir build && cd build
cmake .. -DCMAKE_C_FLAGS="-fsanitize=address,undefined"
make
./avrocat ../../../int64min_block_count.avro