alamb opened a new pull request #810: URL: https://github.com/apache/arrow-rs/pull/810
Posting this PR early to get feedback, should anyone have them, on the approach Still to do: - [ ] Handle nested / variable length structures - [ ] Performance measurements # Which issue does this PR close? Closes https://github.com/apache/arrow-rs/issues/772 and likely several others on https://github.com/apache/arrow-rs/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity # Rationale for this change As demonstrated in https://github.com/jorgecarleitao/arrow2#why, and almost all of the examples in https://github.com/apache/arrow-rs/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity, creating `ArrayData::new` with invalid arguments can lead to undefined behavior. See also the discussion with @jhorstmann and others on https://lists.apache.org/thread.html/r3f12f3352ca36264622d4103fcb6c7c71544dcaf0f0a7e842f00c3a0%40%3Cdev.arrow.apache.org%3E # What changes are included in this PR? 1. Add input argument validation to `ArrayData::new()` # Are there any user-facing changes? code will `panic!` rather that have undefined behavior. RUSTSEC can be fixed -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
