GH-50240: [C++] Make IPC message decoding stricter

[pitrou]

Rationale for this change

An IPC file has a footer listing the exact locations in the file of the various IPC messages, such as RecordBatch messages.

However, we currently don't notice if a message size advertised in the IPC footer is larger than the actual serialized message size, therefore we happily accept invalid IPC files.

Found by OSS-Fuzz in https://issues.oss-fuzz.com/issues/524437775

What changes are included in this PR?

1. Error out when a message metadata size doesn't match the advertised value
2. Also fix a bug where ReadFieldsSubset did not properly handle legacy IPC encapsulation (without a continuation indicator)
3. Add a test suite for MessageDecoder and the various ReadMessage functions

Are these changes tested?

Yes, by new test suite and by additional fuzz regression file.

Are there any user-facing changes?

Being stricter implies that some IPC files might be rejected that were accepted before. Hopefully such files don't exist, but some IPC writers might have emitted them anyway.

• GitHub Issue: [C++] Make IPC message decoding stricter #50240

[github-actions]

Thanks for opening a pull request!

If this is not a minor PR. Could you open an issue for this pull request on GitHub? https://github.com/apache/arrow/issues/new/choose

Opening GitHub issues ahead of time contributes to the Openness of the Apache Arrow project.

Then could you also rename the pull request title in the following format?

GH-${GITHUB_ISSUE_ID}: [${COMPONENT}] ${SUMMARY}

or

MINOR: [${COMPONENT}] ${SUMMARY}

See also:

• Other pull requests
• Contribution Guidelines - Contributing Overview

[pitrou]

@github-actions crossbow submit -g cpp

[github-actions]

Revision: a40538f

Submitted crossbow builds: ursacomputing/crossbow @ actions-2ee7f5115a

Task	Status
example-cpp-minimal-build-static
example-cpp-minimal-build-static-system-dependency
example-cpp-tutorial
test-build-cpp-fuzz
test-conda-cpp
test-conda-cpp-valgrind
test-debian-13-cpp-amd64
test-debian-13-cpp-i386
test-debian-experimental-cpp-gcc-15
test-fedora-42-cpp
test-ubuntu-22.04-cpp
test-ubuntu-22.04-cpp-bundled
test-ubuntu-22.04-cpp-emscripten
test-ubuntu-22.04-cpp-no-threading
test-ubuntu-24.04-cpp
test-ubuntu-24.04-cpp-bundled-offline
test-ubuntu-24.04-cpp-gcc-13-bundled
test-ubuntu-24.04-cpp-gcc-14
test-ubuntu-24.04-cpp-minimal-with-formats
test-ubuntu-24.04-cpp-thread-sanitizer

[kou]

+1

[conbench-apache-arrow]

After merging your PR, Conbench analyzed the 4 benchmarking runs that have been run so far on merge-commit f3f65df.

There were no benchmark performance regressions. 🎉

The full Conbench report has more details. It also includes information about 9 possible false positives for unstable benchmarks that are known to sometimes produce them.