pchintar opened a new issue, #9796:
URL: https://github.com/apache/arrow-rs/issues/9796

   ### Problem
   `DeltaByteArrayDecoder::get` assumes decoded prefix lengths are always valid and directly slices:
   
       self.previous_value[0..prefix_len]
   
   If the decoded `prefix_len` is negative (after decoding) or larger than
   `previous_value.len()`, this results in a slice bounds panic.
   
   ### Expected Behavior
   The decoder should return `Err` on invalid input instead of panicking.
   
   ### Actual Behavior
   Invalid prefix lengths can cause a panic such as:
   
       range end index X out of range for slice of length Y
   
   ### Reproduction
   This can be reproduced by:
   - encoding valid DELTA_BYTE_ARRAY data
   - modifying the prefix-length stream (DELTA_BINARY_PACKED)
   - decoding using `DeltaByteArrayDecoder::get`
   
   This leads to a panic instead of returning an error.
   
   ### Notes
   - There is currently no validation for:
     - negative prefix lengths
     - prefix lengths exceeding `previous_value.len()`
   - Other decoders (e.g., DELTA_BINARY_PACKED) perform validation on decoded values,
     but this check is missing here.
   
   ### Impact
   This can cause unexpected panics when reading invalid or unexpected encoded data,
   instead of returning a controlled error.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
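
The check the issue asks for, as an added stand-alone sketch that is not arrow-rs code and not part of the original message: each decoded prefix length is validated against the previous value before slicing, so a modified prefix-length stream yields `Err` rather than a slice bounds panic. `rebuild_values`, `DecodeError` and the use of `i64` for decoded prefix lengths are assumptions made for illustration.

```rust
use std::convert::TryFrom;

/// Error type for this sketch (hypothetical, not arrow-rs's own error type).
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    LengthMismatch,
    NegativePrefix { index: usize, prefix_len: i64 },
    PrefixTooLong { index: usize, prefix_len: usize, previous_len: usize },
}

/// Rebuilds values from already-decoded prefix lengths and suffixes.
/// Every prefix length is treated as untrusted input.
pub fn rebuild_values(prefix_lens: &[i64], suffixes: &[&[u8]]) -> Result<Vec<Vec<u8>>, DecodeError> {
    if prefix_lens.len() != suffixes.len() {
        return Err(DecodeError::LengthMismatch);
    }
    let mut previous: Vec<u8> = Vec::new();
    let mut out = Vec::with_capacity(suffixes.len());
    for (index, (&raw, suffix)) in prefix_lens.iter().zip(suffixes).enumerate() {
        // A negative length has no usize representation, so the conversion fails.
        let prefix_len = usize::try_from(raw)
            .map_err(|_| DecodeError::NegativePrefix { index, prefix_len: raw })?;
        // `get` returns None where `previous[0..prefix_len]` would panic.
        let previous_len = previous.len();
        let prefix = previous
            .get(..prefix_len)
            .ok_or(DecodeError::PrefixTooLong { index, prefix_len, previous_len })?;
        let mut value = Vec::with_capacity(prefix_len + suffix.len());
        value.extend_from_slice(prefix);
        value.extend_from_slice(suffix);
        previous = value.clone();
        out.push(value);
    }
    Ok(out)
}

fn main() {
    // Constructed sample input: "apple" followed by "apply" (prefix 3 + "ly").
    let suffixes: [&[u8]; 2] = [b"apple", b"ly"];
    println!("{:?}", rebuild_values(&[0, 3], &suffixes));
    // Constructed tampered streams: 9 exceeds the previous value's 5 bytes; -1 is negative.
    println!("{:?}", rebuild_values(&[0, 9], &suffixes));
    println!("{:?}", rebuild_values(&[0, -1], &suffixes));
}
```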
