Unsound DecimalArray Validation in Unreleased arrow-rs #1813

tustvold · 2022-06-07T17:00:29Z

Describe the bug

The validation logic added in #1767 is incorrect. In particular

let values_buffer = &self.buffers[0];

for pos in 0..values_buffer.len() {
    let raw_val = unsafe {
        std::slice::from_raw_parts(
            values_buffer.as_ptr().add(pos),
            16_usize,
        )
    };
    let value = i128::from_le_bytes(raw_val.try_into().unwrap());
    validate_decimal_precision(value, *p)?;
}

This will read 16 byte slices at 1 byte intervals in the underlying array of decimal data, which will as a result:

This will interpret data at non-value intervals (avoiding UB largely by accident)
This will read beyond the bounds of values_buffer which is unsound
It will not take into account any offset

To Reproduce

#[test]
fn test_decimal_validation() {
    let mut builder = DecimalBuilder::new(4, 10, 4);
    builder.append_value(10000).unwrap();
    builder.append_value(20000).unwrap();
    let array = builder.finish();

    array.data().validate_full().unwrap();
}

Fails with

Invalid argument error: 42535295865117307932921825928971026471 is too large to store in a Decimal of precision 10. Max is 9999999999"

Expected behavior

This should not incorrectly fail for valid data

Additional context

This was discovered by DataFusion's test suite for Decimals

The text was updated successfully, but these errors were encountered:

viirya · 2022-06-07T17:26:02Z

Oops, I will fix it. Thanks @tustvold

tustvold · 2022-06-07T17:26:34Z

Already preparing a fix 😄

Fix offset validation for sliced children of list arrays (apache#1814)

* Fix DecimalArray validation (#1813) Fix offset validation for sliced children of list arrays (#1814) * Update arrow/src/array/data.rs Co-authored-by: Liang-Chi Hsieh <[email protected]> Co-authored-by: Liang-Chi Hsieh <[email protected]>

alamb · 2022-06-09T13:41:41Z

marked as development process to suppress from release notes, as this was not released

tustvold added the bug label Jun 7, 2022

tustvold added a commit to tustvold/arrow-rs that referenced this issue Jun 7, 2022

Fix DecimalArray validation (apache#1813)

d940c01

Fix offset validation for sliced children of list arrays (apache#1814)

tustvold mentioned this issue Jun 7, 2022

Fix Decimal and List ArrayData Validation (#1813) (#1814) #1816

Merged

tustvold added a commit to tustvold/arrow-rs that referenced this issue Jun 7, 2022

Fix DecimalArray validation (apache#1813)

b7b8b99

Fix offset validation for sliced children of list arrays (apache#1814)

tustvold added a commit to tustvold/arrow-rs that referenced this issue Jun 7, 2022

Fix DecimalArray validation (apache#1813)

c201841

Fix offset validation for sliced children of list arrays (apache#1814)

tustvold added a commit to tustvold/arrow-rs that referenced this issue Jun 7, 2022

Fix DecimalArray validation (apache#1813)

76bc699

Fix offset validation for sliced children of list arrays (apache#1814)

tustvold added a commit to tustvold/arrow-rs that referenced this issue Jun 7, 2022

Fix DecimalArray validation (apache#1813)

bdaba34

Fix offset validation for sliced children of list arrays (apache#1814)

tustvold closed this as completed in #1816 Jun 7, 2022

alamb added the development-process Related to development process of arrow-rs label Jun 9, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unsound DecimalArray Validation in Unreleased arrow-rs #1813

Unsound DecimalArray Validation in Unreleased arrow-rs #1813

tustvold commented Jun 7, 2022 •

edited

Loading

viirya commented Jun 7, 2022

tustvold commented Jun 7, 2022

alamb commented Jun 9, 2022

Unsound DecimalArray Validation in Unreleased arrow-rs #1813

Unsound DecimalArray Validation in Unreleased arrow-rs #1813

Comments

tustvold commented Jun 7, 2022 • edited Loading

viirya commented Jun 7, 2022

tustvold commented Jun 7, 2022

alamb commented Jun 9, 2022

tustvold commented Jun 7, 2022 •

edited

Loading