NJAHNAVI2907 opened a new pull request, #55661:
URL: https://github.com/apache/spark/pull/55661
Jackson's permissive surrogate handling let lone surrogates from \uXXXX
escapes pass through `parse_json`, `try_parse_json`, and
`from_json('variant')`, where `getBytes(UTF_8)` then silently substituted
U+FFFD and corrupted the Variant. Validate the decoded strings before they
enter the dictionary or write buffer, gated by a new internal SQL conf
(default-on) for opt-out compatibility.
<!--
Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines:
https://spark.apache.org/contributing.html
2. Ensure you have added or run the appropriate tests for your PR:
https://spark.apache.org/developer-tools.html
3. If the PR is unfinished, add '[WIP]' in your PR title, e.g.,
'[WIP][SPARK-XXXX] Your PR title ...'.
4. Be sure to keep the PR description updated to reflect all changes.
5. Please write your PR title to summarize what this PR proposes.
6. If possible, provide a concise example to reproduce the issue for a
faster review.
7. If you want to add a new configuration, please read the guideline first
for naming configurations in
'core/src/main/scala/org/apache/spark/internal/config/ConfigEntry.scala'.
8. If you want to add or modify an error type or message, please read the
guideline first in
'common/utils/src/main/resources/error/README.md'.
-->
### What changes were proposed in this pull request?
This PR adds strict Unicode validation to the Variant JSON parser so it
rejects strings containing unpaired UTF-16 surrogate code units (e.g. a lone
`\uD835` high surrogate). The check runs inside `VariantBuilder.buildJson` for
both JSON object keys and string values, before either is encoded to UTF-8 and
committed to the Variant binary buffer.
The validation is gated by a new internal SQL conf
`spark.sql.variant.validateUtf8InJsonParsing`, defaulting to `true` so the
strict, RFC 8259-compliant behavior is enabled by default. Setting the conf to
`false` restores the legacy permissive behavior as a transitional escape hatch
for pipelines that currently depend on it.
The fix applies to all three Variant-parsing entry points:
- `parse_json` — throws `MALFORMED_RECORD_IN_PARSING.WITHOUT_SUGGESTION` on
lone surrogates.
- `try_parse_json` — returns `NULL`.
- `from_json` — returns `NULL` in `PERMISSIVE` mode (default), throws in
`FAILFAST`.
<!--
Please clarify what changes you are proposing. The purpose of this section
is to outline the changes and how this PR fixes the issue.
If possible, please consider writing useful notes for better and faster
reviews in your PR. See the examples below.
1. If you refactor some codes with changing classes, showing the class
hierarchy will help reviewers.
2. If you fix some SQL features, you can provide some references of other
DBMSes.
3. If there is design documentation, please add the link.
4. If there is a discussion in the mailing list, please add the link.
-->
### Why are the changes needed?
<!--
Please clarify why the changes are needed. For instance,
1. If you propose a new API, clarify the use case for a new API.
2. If you fix a bug, you can clarify why it is a bug.
-->
1. JSON containing a lone surrogate (e.g. `"\uD835"` not followed by a low
surrogate) is invalid.
2. Strict parsers such as simdjson reject these inputs; Jackson's
`ReaderBasedJsonParser`, which Spark uses on the JVM, accepts them and decodes
the escape into a Java `char` containing the lone surrogate.
3. The Variant ends up containing `?` where the original input was supposed
to be, with no error or warning a silent data-corruption bug.
4. The records containing `\uD835` were silently accepted with substituted
characters when handled by the JVM, but correctly rejected by Photon.
5. This PR closes that JVM ↔ Photon divergence at its root.
### Does this PR introduce _any_ user-facing change?
<!--
Note that it means *any* user-facing change including all aspects such as
new features, bug fixes, or other behavior changes. Documentation-only updates
are not considered user-facing changes.
If yes, please clarify the previous behavior and the change this PR proposes
- provide the console output, description and/or an example to show the
behavior difference if possible.
If possible, please also clarify if this is a user-facing change compared to
the released Spark versions or within the unreleased branches such as master.
If no, write 'No'.
-->
Yes. With the default `spark.sql.variant.validateUtf8InJsonParsing = true`,
behavior on input containing a lone surrogate.
Setting `spark.sql.variant.validateUtf8InJsonParsing = false` restores the
previous permissive behavior for users who need to opt out during migration.
### How was this patch tested?
<!--
If tests were added, say they were added here. Please make sure to add some
test cases that check the changes thoroughly including negative and positive
cases if possible.
If it was tested in a way different from regular unit tests, please clarify
how you tested step by step, ideally copy and paste-able, so that other
reviewers can test and check, and descendants can verify in the future.
If tests were not added, please describe why they were not added and/or why
it was difficult to add.
If benchmark tests were added, please run the benchmarks in GitHub Actions
for the consistent environment, and the instructions could accord to:
https://spark.apache.org/developer-tools.html#github-workflow-benchmarks.
-->
Added the following test cases: `VariantExpressionEvalUtilsSuite`,
`VariantExpressionEvalUtilsSuite`, `VariantEndToEndSuite`
### Was this patch authored or co-authored using generative AI tooling?
<!--
If generative AI tooling has been used in the process of authoring this
patch, please include the
phrase: 'Generated-by: ' followed by the name of the tool and its version.
If no, write 'No'.
Please refer to the [ASF Generative Tooling
Guidance](https://www.apache.org/legal/generative-tooling.html) for details.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
