metadata
license: mit

Apache Avro C Integer Overflow PoC

This repository contains a proof-of-concept Avro file that triggers signed integer overflow (undefined behavior) in the Apache Avro C library.

Files

  • avro_poc.avro - Crafted Avro file with block_count = INT64_MIN
  • generate_poc.py - Python script to generate the PoC file

Vulnerability

The Avro C library negates negative block counts via block_count * -1. When block_count is INT64_MIN (-2^63), this overflows because 2^63 cannot be represented as int64_t.

This triggers undefined behavior in 6 locations across value-read.c, consume-binary.c, and datum_skip.c.
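A checked form of the negation, as an added example (not code from this repository or from the Avro C source tree). The function names decode_long and block_count_abs are hypothetical; the sample byte is constructed. It decodes an Avro long (zigzag varint) in unsigned arithmetic and rejects the single block count whose absolute value does not fit in int64_t.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decode one Avro long (zigzag varint). Returns bytes consumed, 0 on error. */
size_t decode_long(const uint8_t *buf, size_t len, int64_t *out)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < len && i < 10; i++) {
        acc |= (uint64_t)(buf[i] & 0x7f) << (7 * i);
        if (buf[i] & 0x80)
            continue;                       /* continuation bit set */
        uint64_t v = (acc >> 1) ^ (0 - (acc & 1));  /* unsigned zigzag */
        /* Map to int64_t without an out-of-range conversion. */
        *out = v <= INT64_MAX ? (int64_t)v : -(int64_t)~v - 1;
        return i + 1;
    }
    return 0;                               /* truncated or over-long */
}

/* Unsafe form described above, undefined when raw == INT64_MIN:
 *     if (raw < 0) raw = raw * -1;
 * Checked form: reject the one value whose negation is not representable. */
int block_count_abs(int64_t raw, int64_t *count)
{
    if (raw == INT64_MIN)
        return -1;                          /* malformed input, stop reading */
    *count = raw < 0 ? -raw : raw;
    return 0;
}

int main(void)
{
    /* Constructed sample: zigzag varint for -3, i.e. a block of 3 items. */
    const uint8_t sample[] = { 0x05 };
    int64_t raw, count;

    if (decode_long(sample, sizeof sample, &raw) == 0 ||
        block_count_abs(raw, &count) != 0) {
        puts("rejected");
        return 1;
    }
    printf("raw=%lld count=%lld\n", (long long)raw, (long long)count);
    return 0;
}
```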

Reproduction

Build Avro C with UBSan and read the PoC file to see the runtime errors.