GH-47184: [Parquet][C++] Avoid multiplication overflow in FixedSizeBinaryBuilder::Reserve (#47185)

### Rationale for this change

Fix issue found by OSS-Fuzz: https://oss-fuzz.com/testcase?key=6634425377161216

### What changes are included in this PR?

This patch add more checkings directly in builder. 

### Are these changes tested?

By apache/arrow-testing#110

### Are there any user-facing changes?

no
* GitHub Issue: #47184

Lead-authored-by: mwish <[email protected]>
Co-authored-by: Antoine Pitrou <[email protected]>
Signed-off-by: Antoine Pitrou <[email protected]>

Author: mapleFU

cpp/src/arrow/array/builder_binary.cc

@@ -34,12 +34,14 @@
 #include "arrow/util/bit_util.h"
 #include "arrow/util/checked_cast.h"
 #include "arrow/util/decimal.h"
+#include "arrow/util/int_util_overflow.h"
 #include "arrow/util/logging_internal.h"
 #include "arrow/visit_data_inline.h"
 
 namespace arrow {
 
 using internal::checked_cast;
+using internal::MultiplyWithOverflow;
 
 // ----------------------------------------------------------------------
 // Binary/StringView
@@ -162,7 +164,13 @@ void FixedSizeBinaryBuilder::Reset() {
 
 Status FixedSizeBinaryBuilder::Resize(int64_t capacity) {
   RETURN_NOT_OK(CheckCapacity(capacity));
-  RETURN_NOT_OK(byte_builder_.Resize(capacity * byte_width_));
+  int64_t dest_capacity_bytes;
+  if (ARROW_PREDICT_FALSE(
+          MultiplyWithOverflow(capacity, byte_width_, &dest_capacity_bytes))) {
+    return Status::CapacityError("Resize: capacity overflows (requested: ", capacity,
+                                 ", byte_width: ", byte_width_, ")");
+  }
+  RETURN_NOT_OK(byte_builder_.Resize(dest_capacity_bytes));
   return ArrayBuilder::Resize(capacity);
 }
 

cpp/src/arrow/buffer_builder.h

@@ -67,7 +67,7 @@ class ARROW_EXPORT BufferBuilder {
 
   /// \brief Resize the buffer to the nearest multiple of 64 bytes
   ///
-  /// \param new_capacity the new capacity of the of the builder. Will be
+  /// \param new_capacity the new capacity of the builder. Will be
   /// rounded up to a multiple of 64 bytes for padding
   /// \param shrink_to_fit if new capacity is smaller than the existing,
   /// reallocate internal buffer. Set to false to avoid reallocations when

cpp/src/parquet/decoder.cc

@@ -2062,6 +2062,17 @@ class DeltaByteArrayDecoderImpl : public TypedDecoderImpl<DType> {
     if (num_valid_values_ == 0) {
       last_value_in_previous_page_ = last_value_;
     }
+
+    if constexpr (std::is_same_v<DType, FLBAType>) {
+      // Checks all values
+      for (int i = 0; i < max_values; i++) {
+        if (buffer[i].len != static_cast<uint32_t>(this->type_length_)) {
+          throw ParquetException("FLBA type requires fixed-length ", this->type_length_,
+                                 " but got ", buffer[i].len);
+        }
+      }
+    }
+
     return max_values;
   }