desmondcheongzx opened a new issue, #640:
URL: https://github.com/apache/arrow-rs-object-store/issues/640
**Describe the bug**
`FabricTokenOAuthProvider::fetch_token` performs unsigned integer
subtraction when checking token expiry, which can cause an integer underflow
panic when the cached token has expired:
```
let exp_in = expiry - Self::get_current_timestamp();
if exp_in > TOKEN_MIN_TTL {
return Ok(TemporaryToken {
token:
Arc::new(AzureCredential::BearerToken(storage_access_token.clone())),
expiry: Some(Instant::now() + Duration::from_secs(exp_in)),
});
}
```
With `opt-level=3`, `exp_in` wraps to ~`u64::MAX` which results in "overflow
when adding duration to instant".
**To Reproduce**
This is all from code analysis so take it with a grain of salt 😅
A user of Daft shared a Fabric notebook that encountered this error in
https://github.com/Eventual-Inc/Daft/issues/6007:
https://github.com/djouallah/Fabric_Notebooks_Demo/blob/main/ETL/Light_ETL_Python_Notebook.ipynb
This issue **may be** related, but I haven't actually run it because I don't
have a Fabric environment.
I can reproduce this with a test case using an expired cached token. Full
test code available in PR to follow.
**Expected behavior**
On expiry, we should be able to fetch a new token without issue.
**Proposed Fix**
Use `saturating_sub` instead of `-` for safe subtraction:
```rust
let exp_in = expiry.saturating_sub(Self::get_current_timestamp());
```
When expired, saturating_sub returns 0, which fails the `exp_in >
TOKEN_MIN_TTL` check and correctly falls through to the refresh path.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
