jorgecarleitao / arrow2

Transmute-free Rust library to work with the Arrow format
Apache License 2.0

OffsetBuffer Slice is Unsound #1447

Closed tustvold closed 1 year ago

tustvold commented 1 year ago

Noticed whilst working on #1446

OffsetBuffer::slice does not verify that the length is non-zero, which results in UB from methods such as OffsetBuffer::first.

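use arrow2::offset::OffsetsBuffer;

#[test]
fn test_offsets_slice() {
    let mut buffer = OffsetsBuffer::<i32>::new();
    // A zero-length slice is accepted without any check.
    buffer.slice(0, 0);
    // Reading the first offset of the now-empty buffer is UB.
    buffer.first();
}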

Fails in debug with

  process didn't exit successfully: `/home/raphael/repos/external/arrow2/target/debug/deps/it-04058e53dc1ec684 'array::utf8::test_offsets_slice' --format=json --exact -Z unstable-options --show-output` (signal: 4, SIGILL: illegal instruction)

ritchie46 commented 1 year ago

Good catch! Fixed in #1448

jorgecarleitao commented 1 year ago

Thank you for reporting it. Well spotted - I plan to cut a release with a fix for this as well as adding an entry to the rust advisory.
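
An added illustration of the invariant at stake in this report (not code from arrow2 and not the change made in #1448): a simplified stand-in type whose `first` relies on the buffer never being empty, with a `slice` that refuses a zero length. The names `Offsets`, `SliceError` and `from_vec` are hypothetical, and the unchecked read in `first` is an assumption about why an empty buffer leads to UB.

```rust
/// Simplified stand-in for an offsets buffer (hypothetical, not arrow2's type).
/// Invariant: `data` always holds at least one offset.
#[derive(Debug, Clone, PartialEq)]
pub struct Offsets {
    data: Vec<i32>,
}

#[derive(Debug, PartialEq)]
pub enum SliceError {
    ZeroLength,
    OutOfBounds,
}

impl Offsets {
    /// An "empty" offsets buffer still contains the single offset 0.
    pub fn new() -> Self {
        Offsets { data: vec![0] }
    }

    /// Constructor that enforces the non-empty invariant.
    pub fn from_vec(data: Vec<i32>) -> Option<Self> {
        if data.is_empty() { None } else { Some(Offsets { data }) }
    }

    /// Sound only while every constructor and `slice` keep `data` non-empty.
    pub fn first(&self) -> i32 {
        debug_assert!(!self.data.is_empty());
        // SAFETY: the type invariant guarantees that index 0 exists.
        unsafe { *self.data.get_unchecked(0) }
    }

    /// Checked slice: rejects the zero-length request that would break the
    /// invariant `first` depends on, as well as out-of-range windows.
    pub fn slice(&mut self, offset: usize, length: usize) -> Result<(), SliceError> {
        if length == 0 {
            return Err(SliceError::ZeroLength);
        }
        let end = offset.checked_add(length).ok_or(SliceError::OutOfBounds)?;
        if end > self.data.len() {
            return Err(SliceError::OutOfBounds);
        }
        self.data = self.data[offset..end].to_vec();
        Ok(())
    }
}

fn main() {
    let mut buffer = Offsets::new();
    // The call sequence from the report: the slice is refused, the buffer stays valid.
    assert_eq!(buffer.slice(0, 0), Err(SliceError::ZeroLength));
    assert_eq!(buffer.first(), 0);
}
```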