Hugging Face's logo

wulonchia
/
avro-c-integer-overflow-poc

Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

Apache Avro C Integer Overflow PoC

This repository contains a proof-of-concept Avro file that triggers signed integer overflow (undefined behavior) in the Apache Avro C library.

Files

  • avro_poc.avro - Crafted Avro file with block_count = INT64_MIN
  • generate_poc.py - Python script to generate the PoC file

Vulnerability

The Avro C library negates negative block counts via block_count * -1. When block_count is INT64_MIN (-2^63), this overflows because 2^63 cannot be represented as int64_t.

This triggers undefined behavior in 6 locations across value-read.c, consume-binary.c, and datum_skip.c.

Reproduction

Build Avro C with UBSan and read the PoC file to see the runtime errors.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support