---
license: mit
---

# Apache Avro C Integer Overflow PoC

This repository contains a proof-of-concept Avro file that triggers signed integer overflow (undefined behavior) in the Apache Avro C library.

## Files

- `avro_poc.avro` - Crafted Avro file with `block_count = INT64_MIN`
- `generate_poc.py` - Python script to generate the PoC file

## Vulnerability

The Avro C library negates negative block counts via `block_count * -1`. When `block_count` is `INT64_MIN` (-2^63), this overflows because 2^63 cannot be represented as `int64_t`.

This triggers undefined behavior in 6 locations across `value-read.c`, `consume-binary.c`, and `datum_skip.c`.

## Reproduction

Build Avro C with UBSan and read the PoC file to see the runtime errors.
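A guard for the negation described under Vulnerability, as an added example (not code from this repository or from Avro C). The helper names `read_zigzag_long` and `block_item_count` are hypothetical, and the sample bytes are constructed from the Avro long encoding (zigzag varint).

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one Avro long (zigzag varint). Returns bytes consumed, 0 if the
 * input is truncated or overlong. Hypothetical helper, not Avro C's API. */
static size_t read_zigzag_long(const uint8_t *buf, size_t len, int64_t *out)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < len && i < 10; i++) {
        if (i == 9 && buf[i] > 1)
            return 0; /* more than 64 bits of payload */
        acc |= (uint64_t)(buf[i] & 0x7f) << (7 * i);
        if (buf[i] & 0x80)
            continue; /* continuation bit set: read the next byte */
        /* Undo zigzag in unsigned arithmetic, then convert without UB. */
        uint64_t u = (acc >> 1) ^ ((uint64_t)0 - (acc & 1));
        *out = u <= (uint64_t)INT64_MAX ? (int64_t)u : -(int64_t)~u - 1;
        return i + 1;
    }
    return 0;
}

/* A negative block count means |count| items follow (hypothetical helper).
 * Returns 0 and stores the item count, or -1 if it cannot be negated. */
static int block_item_count(int64_t block_count, int64_t *items)
{
    if (block_count == INT64_MIN)
        return -1; /* -INT64_MIN does not fit in int64_t: reject the file */
    *items = block_count < 0 ? -block_count : block_count;
    return 0;
}

int main(void)
{
    /* Constructed samples: the 10-byte encoding of INT64_MIN, then -3. */
    const uint8_t min_enc[] = {0xff, 0xff, 0xff, 0xff, 0xff,
                               0xff, 0xff, 0xff, 0xff, 0x01};
    const uint8_t neg3_enc[] = {0x05};
    int64_t v = 0, n = 0;

    if (read_zigzag_long(min_enc, sizeof min_enc, &v) && block_item_count(v, &n) != 0)
        printf("block_count %" PRId64 " rejected\n", v);
    if (read_zigzag_long(neg3_enc, sizeof neg3_enc, &v) && block_item_count(v, &n) == 0)
        printf("block_count %" PRId64 " -> %" PRId64 " items\n", v, n);
    return 0;
}
```

Compiled with `-fsanitize=undefined`, this version reports nothing for the `INT64_MIN` input because the value is rejected before any negation happens.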