This is an automated email from the ASF dual-hosted git repository.
Jefffrey pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-rs.git
The following commit(s) were added to refs/heads/main by this push:
new b79d20d639 fix(arrow-cast): respect cast safety for overflowing
temporal casts (#10162)
b79d20d639 is described below
commit b79d20d63990a72d176f2747e7422a8d1cf52a6e
Author: Sai Asish Y <[email protected]>
AuthorDate: Sun Jun 21 20:56:14 2026 -0700
fix(arrow-cast): respect cast safety for overflowing temporal casts (#10162)
# Which issue does this PR close?
<!--
We generally require a GitHub issue to be filed for all bug fixes and
enhancements and this helps us generate change logs for our releases.
You can link an issue to this PR using the GitHub syntax.
-->
- Part of #10131.
# Rationale for this change
<!--
Why are you proposing this change? If this is already explained clearly
in the issue then this section is not needed.
Explaining clearly why changes are proposed helps reviewers understand
your changes and offer better suggestions for fixes.
-->
Two temporal cast paths ignore the cast safety option:
- `Time32(Second)` to `Time32(Millisecond)` multiplies an `i32` by 1000
with `unary`, so a large value panics with "attempt to multiply with
overflow" in debug and wraps in release.
- `Date64` to `Date32` divides by `MILLISECONDS_IN_DAY` and then does an
unchecked `as i32`, which silently truncates day counts that do not fit
in `i32` (e.g. `i64::MAX` produces `-622191233`).
Both are reachable from `cast`/`cast_with_options` on valid input and do
not honour `CastOptions::safe`.
# What changes are included in this PR?
<!--
There is no need to duplicate the description in the issue here but it
is sometimes worth providing a summary of the individual changes in this
PR.
-->
Both casts now follow the same pattern already used elsewhere in this
file (for decimal and timestamp casts): in safe mode out-of-range values
become null via `unary_opt` with a checked operation, and in non-safe
mode they return a `CastError`/`ArithmeticOverflow` via `try_unary`.
This covers the two cases shown in the issue. Other temporal casts that
multiply into `i64` (e.g. `Time32(Second)` to `Time64`) cannot overflow
for in-range inputs and are left unchanged.
# Are these changes tested?
<!--
We typically require tests for all PRs in order to:
1. Prevent the code from being accidentally broken by subsequent changes
2. Serve as another way to document the expected behavior of the code
If tests are not included in your PR, please explain why (for example,
are they covered by existing tests)?
If this PR claims a performance improvement, please include evidence
such as benchmark results.
-->
Yes. Added `test_cast_date64_to_date32_overflow` and
`test_cast_time32_second_to_time32_millisecond_overflow`, each checking
that the safe cast nulls the out-of-range value and the non-safe cast
errors instead of panicking or truncating. The existing temporal cast
tests still pass.
# Are there any user-facing changes?
<!--
If there are user-facing changes then we may require documentation to be
updated before approving the PR.
If there are any breaking changes to public APIs, please call them out.
-->
These two casts no longer panic or silently truncate on overflow. Safe
casts now yield null and non-safe casts return an error for the affected
inputs.
Signed-off-by: Sai Asish Y <[email protected]>
---
arrow-cast/src/cast/mod.rs | 73 +++++++++++++++++++++++++++++++++++++++-------
1 file changed, 63 insertions(+), 10 deletions(-)
diff --git a/arrow-cast/src/cast/mod.rs b/arrow-cast/src/cast/mod.rs
index 7ef5f1750a..8d62f09a17 100644
--- a/arrow-cast/src/cast/mod.rs
+++ b/arrow-cast/src/cast/mod.rs
@@ -1710,17 +1710,33 @@ pub fn cast_with_options(
.as_primitive::<Date32Type>()
.unary::<_, Date64Type>(|x| x as i64 * MILLISECONDS_IN_DAY),
)),
- (Date64, Date32) => Ok(Arc::new(
- array
- .as_primitive::<Date64Type>()
- .unary::<_, Date32Type>(|x| (x / MILLISECONDS_IN_DAY) as i32),
- )),
+ (Date64, Date32) => {
+ let array = array.as_primitive::<Date64Type>();
+ let result = if cast_options.safe {
+ array.unary_opt::<_, Date32Type>(|x| i32::try_from(x /
MILLISECONDS_IN_DAY).ok())
+ } else {
+ array.try_unary::<_, Date32Type, _>(|x| {
+ i32::try_from(x / MILLISECONDS_IN_DAY).map_err(|_| {
+ ArrowError::CastError(format!(
+ "Cannot cast Date64 value {x} to Date32 without
overflow"
+ ))
+ })
+ })?
+ };
+ Ok(Arc::new(result))
+ }
- (Time32(TimeUnit::Second), Time32(TimeUnit::Millisecond)) =>
Ok(Arc::new(
- array
- .as_primitive::<Time32SecondType>()
- .unary::<_, Time32MillisecondType>(|x| x * MILLISECONDS as
i32),
- )),
+ (Time32(TimeUnit::Second), Time32(TimeUnit::Millisecond)) => {
+ let array = array.as_primitive::<Time32SecondType>();
+ let result = if cast_options.safe {
+ array.unary_opt::<_, Time32MillisecondType>(|x|
x.checked_mul(MILLISECONDS as i32))
+ } else {
+ array.try_unary::<_, Time32MillisecondType, _>(|x| {
+ x.mul_checked(MILLISECONDS as i32)
+ })?
+ };
+ Ok(Arc::new(result))
+ }
(Time32(TimeUnit::Second), Time64(TimeUnit::Microsecond)) =>
Ok(Arc::new(
array
.as_primitive::<Time32SecondType>()
@@ -5239,6 +5255,26 @@ mod tests {
assert!(c.is_null(2));
}
+ #[test]
+ fn test_cast_date64_to_date32_overflow() {
+ let a = Date64Array::from(vec![i64::MAX]);
+ let array = Arc::new(a) as ArrayRef;
+
+ let b = cast(&array, &DataType::Date32).unwrap();
+ let c = b.as_primitive::<Date32Type>();
+ assert!(c.is_null(0));
+
+ let options = CastOptions {
+ safe: false,
+ ..Default::default()
+ };
+ let err = cast_with_options(&array, &DataType::Date32,
&options).unwrap_err();
+ assert!(
+ err.to_string().contains("Cannot cast Date64 value"),
+ "{err}"
+ );
+ }
+
#[test]
fn test_cast_string_to_integral_overflow() {
let str = Arc::new(StringArray::from(vec![
@@ -13841,6 +13877,23 @@ mod tests {
assert_eq!(c.value(3), 43_200_000_000);
}
+ #[test]
+ fn test_cast_time32_second_to_time32_millisecond_overflow() {
+ let array = Time32SecondArray::from(vec![i32::MAX]);
+
+ let b = cast(&array,
&DataType::Time32(TimeUnit::Millisecond)).unwrap();
+ let c = b.as_primitive::<Time32MillisecondType>();
+ assert!(c.is_null(0));
+
+ let options = CastOptions {
+ safe: false,
+ ..Default::default()
+ };
+ let err = cast_with_options(&array,
&DataType::Time32(TimeUnit::Millisecond), &options)
+ .unwrap_err();
+ assert!(err.to_string().contains("Overflow"), "{err}");
+ }
+
#[test]
fn test_cast_string_to_time32_second_to_int64() {
// Mimic: select arrow_cast('03:12:44'::time,
'Time32(Second)')::bigint;
