dmitry-chirkov-dremio commented on code in PR #49813:
URL: https://github.com/apache/arrow/pull/49813#discussion_r3128258656
##########
cpp/src/gandiva/precompiled/string_ops_test.cc:
##########
@@ -2498,6 +2503,19 @@ TEST(TestStringOps, TestToHex) {
output = std::string(out_str, out_len);
EXPECT_EQ(out_len, 2 * in_len);
EXPECT_EQ(output, "090A090A090A090A0A0A092061206C657474405D6572");
+ ctx.Reset();
+
+ int32_t bad_in_len = std::numeric_limits<int32_t>::max() / 2 + 20;
+ out_str = to_hex_binary(ctx_ptr, binary_string, bad_in_len, &out_len);
+ EXPECT_EQ(out_len, 0);
+ EXPECT_STREQ(out_str, "");
+ ctx.Reset();
+
+ int32_t neg_in_len = -20;
+ out_str = to_hex_binary(ctx_ptr, binary_string, neg_in_len, &out_len);
+ EXPECT_EQ(out_len, 0);
+ EXPECT_STREQ(out_str, "");
+ ctx.Reset();
Review Comment:
Could we add a couple more boundary tests here just to make the hardening
feel more complete? I’m thinking of cases like **quote_utf8** right around the
INT32_MAX / 2 boundary, **substring_index** with negative lengths, and maybe
one **concat_ws_*** case where the combined output size would overflow.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
