This is an automated email from the ASF dual-hosted git repository.
alamb pushed a commit to branch 56_maintenance
in repository https://gitbox.apache.org/repos/asf/arrow-rs.git
The following commit(s) were added to refs/heads/56_maintenance by this push:
new 53c956e090 [56_maintenance] Prevent ArrayData::slice length overflow
(#9813) (#9916)
53c956e090 is described below
commit 53c956e090a505f717695ba3b3ae64c88bb2e608
Author: Andrew Lamb <[email protected]>
AuthorDate: Wed May 6 14:31:05 2026 -0400
[56_maintenance] Prevent ArrayData::slice length overflow (#9813) (#9916)
- Part of https://github.com/apache/arrow-rs/issues/9857
- Fixes https://github.com/apache/arrow-rs/issues/9899 in 56.x releases
This PR:
- Backports https://github.com/apache/arrow-rs/pull/9813 from @alamb to
the `56_maintenance` line
---
arrow-array/src/array/fixed_size_list_array.rs | 2 +-
arrow-array/src/array/struct_array.rs | 2 +-
arrow-data/src/data.rs | 20 ++++++++++++++++++--
3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/arrow-array/src/array/fixed_size_list_array.rs
b/arrow-array/src/array/fixed_size_list_array.rs
index 4a338591e5..637767996d 100644
--- a/arrow-array/src/array/fixed_size_list_array.rs
+++ b/arrow-array/src/array/fixed_size_list_array.rs
@@ -539,7 +539,7 @@ mod tests {
}
#[test]
- #[should_panic(expected = "assertion failed: (offset + length) <=
self.len()")]
+ #[should_panic(expected = "assertion failed: end <= self.len()")]
// Different error messages, so skip for now
// https://github.com/apache/arrow-rs/issues/1545
#[cfg(not(feature = "force_validate"))]
diff --git a/arrow-array/src/array/struct_array.rs
b/arrow-array/src/array/struct_array.rs
index fbc34ef0c8..7e35eb6450 100644
--- a/arrow-array/src/array/struct_array.rs
+++ b/arrow-array/src/array/struct_array.rs
@@ -642,7 +642,7 @@ mod tests {
}
#[test]
- #[should_panic(expected = "assertion failed: (offset + length) <=
self.len()")]
+ #[should_panic(expected = "assertion failed: end <= self.len()")]
fn test_struct_array_from_data_with_offset_and_length_error() {
let int_arr = Int32Array::from(vec![1, 2, 3, 4, 5]);
let int_field = Field::new("x", DataType::Int32, false);
diff --git a/arrow-data/src/data.rs b/arrow-data/src/data.rs
index c8202f5641..10770d39cb 100644
--- a/arrow-data/src/data.rs
+++ b/arrow-data/src/data.rs
@@ -560,9 +560,12 @@ impl ArrayData {
///
/// # Panics
///
- /// Panics if `offset + length > self.len()`.
+ /// Panics if `offset + length` overflows or is greater than `self.len()`.
pub fn slice(&self, offset: usize, length: usize) -> ArrayData {
- assert!((offset + length) <= self.len());
+ let end = offset
+ .checked_add(length)
+ .expect("offset + length overflow");
+ assert!(end <= self.len());
if let DataType::Struct(_) = self.data_type() {
// Slice into children
@@ -2285,6 +2288,19 @@ mod tests {
assert_eq!(data.null_count() - 1, new_data.null_count());
}
+ #[test]
+ #[should_panic(expected = "offset + length overflow")]
+ fn test_slice_panics_on_offset_length_overflow() {
+ let data = ArrayData::builder(DataType::Int32)
+ .len(4)
+ .add_buffer(make_i32_buffer(4))
+ .build()
+ .unwrap();
+ let sliced = data.slice(1, 3);
+
+ sliced.slice(1, usize::MAX);
+ }
+
#[test]
fn test_typed_offsets_length_overflow() {
let data = ArrayData {
