Sean-Kenneth-Doherty opened a new issue, #10033: URL: https://github.com/apache/arrow-rs/issues/10033
DataFusion found a panic path where an invalid fixed-size binary type spec is accepted and later reaches Arrow buffer allocation. Reproducer from apache/datafusion#22226: ```sql SELECT arrow_cast(NULL, 'FixedSizeBinary(-1)') ``` In DataFusion CLI v53.1.0 / arrow-buffer 58.2.0, this can eventually panic in `MutableBuffer::with_capacity` after `Layout::array` returns a `LayoutError` for the negative-sized layout. DataFusion PR apache/datafusion#22297 adds a defensive validation layer around parsed Arrow data types, but reviewer feedback there suggested this may be better fixed upstream in arrow-rs so invalid `FixedSizeBinary` sizes are rejected at the type parsing/validation boundary. Expected behavior: parsing or validating `FixedSizeBinary(-1)` should return a normal error before the value can be used to allocate buffers. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
