Skip to content

[56_maintenance] Prevent buffer builder length overflow in MutableBuffer::extend_zeros (#9820)#9915

Merged
alamb merged 1 commit into
apache:56_maintenancefrom
alamb:alamb/backport_9820
May 6, 2026
Merged

[56_maintenance] Prevent buffer builder length overflow in MutableBuffer::extend_zeros (#9820)#9915
alamb merged 1 commit into
apache:56_maintenancefrom
alamb:alamb/backport_9820

Conversation

@alamb
Copy link
Copy Markdown
Contributor

@alamb alamb commented May 5, 2026

@github-actions github-actions Bot added the arrow Changes to the arrow crate label May 5, 2026
@alamb alamb mentioned this pull request May 5, 2026
Closed
11 tasks
@alamb alamb force-pushed the alamb/backport_9820 branch from 074be7e to 4de2e6c Compare May 5, 2026 17:02
@alamb alamb changed the title [56_maintenance] Prevent buffer builder length overflow (#9820) [56_maintenance] Prevent buffer builder length overflow in MutableBuffer::extend_zeros (#9820) May 5, 2026
@alamb
Prevent buffer builder length overflow in `MutableBuffer::extend_zero…
44ad3e8 
…s` (apache#9820)

- None.

BufferBuilder reserve paths relied on unchecked usize arithmetic when
calculating the required byte length. In optimized builds, very large
requested lengths could wrap before capacity growth.

This adds checked arithmetic for MutableBuffer byte length calculations
used by reserve and zero-extension paths.

Yes. This adds regression coverage for overflowing BufferBuilder length
calculations through reserve, append_n_zeroed, and advance.

Invalid requested lengths whose byte size cannot be represented without
overflow now panic consistently. There are no API changes.
@alamb alamb force-pushed the alamb/backport_9820 branch from 4de2e6c to 44ad3e8 Compare May 5, 2026 19:42
@alamb alamb marked this pull request as ready for review May 5, 2026 20:30
etseidl
etseidl approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@etseidl etseidl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 👍

Comment thread arrow-buffer/src/buffer/mutable.rs

/// Allocates a new [MutableBuffer] with `len` and capacity to be at least `len` where
/// all bytes are guaranteed to be `0u8`.
///
Copy link
Copy Markdown
Contributor

@etseidl etseidl May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this be forward ported? 😂

Copy link
Copy Markdown
Contributor Author

@alamb alamb May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🦅 👁️

I guess Codex couldn't resist. I will resist my personal temptation to actually forward port it to avoid needlessly burning carbon. Though it would help pump up my github stats 🙄 (though now with the AI tools those metrics are much less informative 🤔 )

@alamb alamb merged commit aeb648c into apache:56_maintenance May 6, 2026
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@etseidl etseidl etseidl approved these changes

Assignees

No one assigned

Labels

arrow Changes to the arrow crate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alamb @etseidl