This is an automated email from the ASF dual-hosted git repository.
alamb pushed a commit to branch 57_maintenance
in repository https://gitbox.apache.org/repos/asf/arrow-rs.git
The following commit(s) were added to refs/heads/57_maintenance by this push:
new ecbc02273e [57_maintenance] Prevent ArrayData::slice length overflow
(#9813) (#9927)
ecbc02273e is described below
commit ecbc02273edc6da51057810d662fbeaf2074342d
Author: Andrew Lamb <[email protected]>
AuthorDate: Wed May 6 13:31:20 2026 -0400
[57_maintenance] Prevent ArrayData::slice length overflow (#9813) (#9927)
- Part of https://github.com/apache/arrow-rs/issues/9858
- Fixes https://github.com/apache/arrow-rs/issues/9899 in 57.x releases
This PR:
- Backports https://github.com/apache/arrow-rs/pull/9813 from @alamb to
the `57_maintenance` line
---
arrow-array/src/array/fixed_size_list_array.rs | 2 +-
arrow-array/src/array/struct_array.rs | 2 +-
arrow-data/src/data.rs | 20 ++++++++++++++++++--
3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/arrow-array/src/array/fixed_size_list_array.rs
b/arrow-array/src/array/fixed_size_list_array.rs
index 070e6617f3..9c549a3928 100644
--- a/arrow-array/src/array/fixed_size_list_array.rs
+++ b/arrow-array/src/array/fixed_size_list_array.rs
@@ -624,7 +624,7 @@ mod tests {
}
#[test]
- #[should_panic(expected = "assertion failed: (offset + length) <=
self.len()")]
+ #[should_panic(expected = "assertion failed: end <= self.len()")]
// Different error messages, so skip for now
// https://github.com/apache/arrow-rs/issues/1545
#[cfg(not(feature = "force_validate"))]
diff --git a/arrow-array/src/array/struct_array.rs
b/arrow-array/src/array/struct_array.rs
index 0d86e6305c..b716b1cdd3 100644
--- a/arrow-array/src/array/struct_array.rs
+++ b/arrow-array/src/array/struct_array.rs
@@ -643,7 +643,7 @@ mod tests {
}
#[test]
- #[should_panic(expected = "assertion failed: (offset + length) <=
self.len()")]
+ #[should_panic(expected = "assertion failed: end <= self.len()")]
fn test_struct_array_from_data_with_offset_and_length_error() {
let int_arr = Int32Array::from(vec![1, 2, 3, 4, 5]);
let int_field = Field::new("x", DataType::Int32, false);
diff --git a/arrow-data/src/data.rs b/arrow-data/src/data.rs
index 4522cea544..b3e005ee61 100644
--- a/arrow-data/src/data.rs
+++ b/arrow-data/src/data.rs
@@ -559,9 +559,12 @@ impl ArrayData {
///
/// # Panics
///
- /// Panics if `offset + length > self.len()`.
+ /// Panics if `offset + length` overflows or is greater than `self.len()`.
pub fn slice(&self, offset: usize, length: usize) -> ArrayData {
- assert!((offset + length) <= self.len());
+ let end = offset
+ .checked_add(length)
+ .expect("offset + length overflow");
+ assert!(end <= self.len());
if let DataType::Struct(_) = self.data_type() {
// Slice into children
@@ -2314,6 +2317,19 @@ mod tests {
assert_eq!(data.null_count() - 1, new_data.null_count());
}
+ #[test]
+ #[should_panic(expected = "offset + length overflow")]
+ fn test_slice_panics_on_offset_length_overflow() {
+ let data = ArrayData::builder(DataType::Int32)
+ .len(4)
+ .add_buffer(make_i32_buffer(4))
+ .build()
+ .unwrap();
+ let sliced = data.slice(1, 3);
+
+ sliced.slice(1, usize::MAX);
+ }
+
#[test]
fn test_typed_offsets_length_overflow() {
let data = ArrayData {
