alamb opened a new issue, #9843: URL: https://github.com/apache/arrow-rs/issues/9843
**Is your feature request related to a problem or challenge? Please describe what you are trying to do.** PR #9820 changes `MutableBuffer` growth paths to panic on length overflow instead of relying on unchecked arithmetic. That is clearly better than UB, but it still leaves downstream users without a defensive, fallible API when they need to handle very large requested lengths safely. In particular, callers of APIs such as `MutableBuffer::reserve`, `MutableBuffer::extend_zeros`, and higher-level `BufferBuilder` methods like `reserve`, `advance`, and `append_n_zeroed` currently have to either: - duplicate the overflow checks themselves before calling into Arrow, or - accept that these paths may panic on invalid or unexpectedly large input sizes. This came up in the review discussion on PR #9820: https://github.com/apache/arrow-rs/pull/9820#discussion_r3148408981 **Describe the solution you'd like** Add fallible variants for the overflow-prone growth APIs, so callers that need to code defensively can opt into `Result`-based handling instead of panic-based handling. Possible directions: - add low-level APIs such as `MutableBuffer::try_reserve` and `MutableBuffer::try_extend_zeros` - optionally add matching `try_` variants on `BufferBuilder`, such as `try_reserve`, `try_advance`, and `try_append_n_zeroed` - document that the existing infallible variants may panic on overflow, while the new `try_` variants return an error The exact error type can be decided separately, but the goal would be to report size/length overflow as a normal error rather than panicking. **Describe alternatives you've considered** One alternative is to keep the current panic-only behavior and improve documentation. That would help users understand the behavior, but it would still force defensive callers to reimplement overflow checks outside Arrow. Another alternative is to add fallible APIs only at the `MutableBuffer` layer and let higher-level builders decide whether to expose them directly. **Additional context** PR #9820 introduced checked overflow handling in `MutableBuffer` growth paths, including `reserve` and `extend_zeros`, and added regression tests for overflow cases in `BufferBuilder`. Relevant discussion: https://github.com/apache/arrow-rs/pull/9820#discussion_r3148408981 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
