scovich commented on PR #8031: URL: https://github.com/apache/arrow-rs/pull/8031#issuecomment-3146944042
> > If you hit a buffer overflow panic, I think that means you tried to use the "fast" version to write the Some(data_size) entry, after the loop exits. Or did you hit a problem in the loop itself?
>
> It would panic in the following test when creating a variant with `VariantBuilder::new`.
>
> ```
> let (m1, v1) = make_nested_object();
> let variant = Variant::new(&m1, &v1);
>
> // because we can guarantee metadata is validated through the builder
> let mut builder = VariantBuilder::new().with_metadata(VariantMetadata::new(&m1));
> builder.append_value(variant.clone()); // <-- panic here because we have a buffer with size 6 and will try to copy 4 bytes to the buffer starting from 3
> ```

Ah... I didn't think about that. With one-byte offsets, `Some(data_size)` (= one byte) isn't enough buffer to avoid overflow when writing 4 bytes. Drat.
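The overrun discussed in this comment, reproduced as an added example that is not arrow-rs code and not part of the original thread. It assumes the "fast" path always stores 4 little-endian bytes; the function names and offset values are constructed for illustration.

```rust
// Added illustration; names and sample values are constructed, not arrow-rs APIs.

/// Assumed "fast" path: always stores 4 little-endian bytes at `pos`; the
/// surplus bytes are expected to be overwritten by the entries that follow.
fn write_fast(buf: &mut [u8], pos: usize, value: u32) -> Result<(), String> {
    let len = buf.len();
    let dst = buf.get_mut(pos..pos + 4).ok_or_else(|| {
        format!("4-byte write at {} overruns {}-byte buffer", pos, len)
    })?;
    dst.copy_from_slice(&value.to_le_bytes());
    Ok(())
}

/// Exact path: stores only the `width` low-order bytes of `value`.
fn write_exact(buf: &mut [u8], pos: usize, value: u32, width: usize) {
    buf[pos..pos + width].copy_from_slice(&value.to_le_bytes()[..width]);
}

/// Fast path for every entry except the last, which is written exactly.
/// With 1-byte offsets this still overruns near the end of the buffer.
fn write_last_exact(buf: &mut [u8], offsets: &[u32], width: usize) -> Result<(), String> {
    let (last, head) = offsets.split_last().ok_or_else(|| "no offsets".to_string())?;
    for (i, &off) in head.iter().enumerate() {
        write_fast(buf, i * width, off)?;
    }
    write_exact(buf, head.len() * width, *last, width);
    Ok(())
}

/// Takes the fast path only while a full 4-byte write fits in `buf`.
fn write_bounded(buf: &mut [u8], offsets: &[u32], width: usize) {
    for (i, &off) in offsets.iter().enumerate() {
        let pos = i * width;
        if pos + 4 <= buf.len() {
            buf[pos..pos + 4].copy_from_slice(&off.to_le_bytes());
        } else {
            write_exact(buf, pos, off, width);
        }
    }
}

fn main() {
    let offsets = [0u32, 3, 5, 9, 12, 20]; // constructed 1-byte offsets
    let mut buf = [0u8; 6];
    println!("{:?}", write_last_exact(&mut buf, &offsets, 1));
    write_bounded(&mut buf, &offsets, 1);
    println!("{:?}", buf);
}
```

With 1-byte offsets in a 6-byte buffer, the last three entries all need the exact path, so reserving only the final entry is not enough; with 4-byte offsets every entry fits the fast path.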