[PR] fix array_repeat capacity overflow on constant scalar with large count [datafusion]

Sun, 17 May 2026 05:18:17 -0700 


xiedeyantu opened a new pull request, #22305:
URL: https://github.com/apache/datafusion/pull/22305

   ## Which issue does this PR close?
   
   - Closes #22228 .
   
   ## Rationale for this change
   
   `array_repeat` still panics for oversized repeat counts in the 
constant-scalar path. The simplest reproducer is:
   
   ```sql
   SELECT array_repeat(1, 9223372036854775807)
   ```
   
   Unlike the previously reported `array_repeat` overflow cases, this path does 
not sum counts across rows and does not multiply nested list lengths, but it 
still reaches an unchecked `Vec` preallocation and panics with `capacity 
overflow`.
   
   This change makes `array_repeat` reject oversized output lengths up front 
and return a normal execution error instead of panicking.
   
   ## What changes are included in this PR?
   
   This PR adds explicit bounds checks in repeat.rs so `array_repeat` validates 
requested output sizes before allocating buffers.
   
   The main changes are:
   
   - Move repeat-length accumulation into shared checked helpers.
   - Reject oversized output lengths with:
     `array_repeat: requested length exceeds maximum array size`
   - Guard both scalar and list repeat paths so they fail consistently before 
hitting unchecked allocation or arithmetic overflow.
   - Reuse precomputed outer offsets for the list path instead of rebuilding 
them from unchecked lengths.
   
   ## Are these changes tested?
   
   Yes.
   
   This PR adds a regression test in repeat.rs covering the constant-scalar 
reproducer with `i64::MAX` as the repeat count and verifies that `array_repeat` 
returns an execution error rather than panicking.
   
   Validated with:
   
   ```bash
   cargo test -p datafusion-functions-nested 
scalar_count_exceeding_max_array_size_returns_error --lib
   ```
   
   ## Are there any user-facing changes?
   
   Yes.
   
   Previously, oversized `array_repeat` calls could panic the process. After 
this change, they return a regular execution error:
   
   ```text
   array_repeat: requested length exceeds maximum array size
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to