SAY-5 opened a new pull request, #49832: URL: https://github.com/apache/arrow/pull/49832
### Rationale for this change `arrow::Decimal128::FromString` and `Decimal256::FromString` (and the `SimpleDecimalFromString` path used by `Decimal32`/`Decimal64`) silently truncate when the input string's precision exceeds the target decimal's maximum. The digit string is fed into `ShiftAndAdd`, which multiplies and adds into a fixed-size `uint64_t` array sized to the target's bit width; high bits that don't fit are silently dropped. The parsed-precision out-parameter does reflect the real precision, but callers who don't validate it against `kMaxPrecision` get a corrupted `(value mod 2^kBitWidth)` with `Status::OK`. ### What changes are included in this PR? Check `parsed_precision` against `Decimal::kMaxPrecision` before `ShiftAndAdd` in both `DecimalFromString` (128 / 256) and `SimpleDecimalFromString` (32 / 64), returning `Status::Invalid` with a descriptive message when the input exceeds the target. ### Are these changes tested? Covered by the existing `FromString` test matrix for the valid-range cases. Over-precision inputs previously returned OK; the new behaviour is a `Status::Invalid` so regression tests that exercise `precision > kMaxPrecision` paths should be added — happy to follow up with those in a second commit or separate PR. ### Are there any user-facing changes? Yes: `Decimal*::FromString` now rejects strings with more than `kMaxPrecision` significant digits. Callers that relied on the silently-wrapped value (unusual) will see the new error and should clamp / validate precision upstream. Closes #49817. Signed-off-by: SAY-5 <[email protected]> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
