shashbha14 commented on issue #48832: URL: https://github.com/apache/arrow/issues/48832#issuecomment-3745473862
@raulcd Yes, I have completed the analysis and solution. **Root Cause:** The crash occurs in [r/src/type_infer.cpp](cci:7://file:///C:/Users/ishwet/.gemini/antigravity/scratch/arrow/r/src/type_infer.cpp:0:0-0:0) at lines 72 and 89. The code checks if the timezone attribute is NULL, but doesn't verify it has content before reading it. In R 4.5.2, zero-length POSIXct objects can have a `tzone` attribute with length 0, causing an out-of-bounds memory access when the code tries to read `STRING_ELT(tzone_sexp, 0)`. **Solution:** Added a length check before accessing the timezone: - Changed: `if (Rf_isNull(tzone_sexp))` - To: `if (Rf_isNull(tzone_sexp) || XLENGTH(tzone_sexp) == 0)` Applied to both INTSXP (line 72) and REALSXP (line 89) specializations. **Testing:** Created [r/tests/testthat/test-issue-48832.R](cci:7://file:///C:/Users/ishwet/.gemini/antigravity/scratch/arrow/r/tests/testthat/test-issue-48832.R:0:0-0:0) with a regression test that reproduces the exact scenario from the bug report. Preparing PR now! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
