Skip to content

fix: guard repeat array length overflow#22293

Open
Sean-Kenneth-Doherty wants to merge 1 commit into
apache:mainfrom
Sean-Kenneth-Doherty:codex/repeat-string-overflow
Open

fix: guard repeat array length overflow#22293
Sean-Kenneth-Doherty wants to merge 1 commit into
apache:mainfrom
Sean-Kenneth-Doherty:codex/repeat-string-overflow

Conversation

@Sean-Kenneth-Doherty
Copy link
Copy Markdown

@Sean-Kenneth-Doherty Sean-Kenneth-Doherty commented May 17, 2026

Which issue does this PR close?

Rationale for this change

The array execution path for repeat(string, count) calculated string.len() * count before checking the configured string-size limit. For very large counts, that multiplication can overflow and panic instead of returning the same string-size overflow error used by the scalar path.

What changes are included in this PR?

  • Adds checked count conversion and repeated-length calculation helpers.
  • Uses checked multiplication and checked total-capacity accumulation in the array path.
  • Adds Rust and sqllogictest coverage for the one-row columnar reproducer from the issue.

Are these changes tested?

  • cargo fmt --all
  • TMPDIR=/home/sean/Projects/datafusion-repeat-overflow/target/tmp cargo test -p datafusion-functions string::repeat::tests::test_repeat_string_array_overflow -- --nocapture
  • TMPDIR=/home/sean/Projects/datafusion-repeat-overflow/target/tmp cargo test --profile=ci --test sqllogictests -- string/string_literal.slt
  • TMPDIR=/home/sean/Projects/datafusion-repeat-overflow/target/tmp cargo clippy --all-targets --all-features -- -D warnings
  • git diff --check

Are there any user-facing changes?

Invalid oversized repeat results in the columnar path now return a normal DataFusion string-size overflow error instead of panicking.

@github-actions github-actions Bot added sqllogictest SQL Logic Tests (.slt) functions Changes to functions implementation labels May 17, 2026
@Sean-Kenneth-Doherty
Copy link
Copy Markdown
Author

Sean-Kenneth-Doherty commented May 17, 2026

Fresh local validation on be1f0357b:

  • cargo test -p datafusion-functions string::repeat::tests::test_repeat_string_array_overflow -> passed
  • cargo test -p datafusion-sqllogictest --test sqllogictests -- string/string_literal.slt -> passed
  • cargo test -p datafusion-functions -> 283 unit tests passed plus 3 doctests passed / 4 doctests ignored
  • cargo fmt --all --check -> passed
  • cargo clippy -p datafusion-functions --all-targets -- -D warnings -> passed
  • git diff --check origin/main...HEAD -> clean

GitHub currently only shows the labeler Process check, so this adds local coverage for the changed repeat overflow path and the touched SQLLogicTest file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

functions Changes to functions implementation sqllogictest SQL Logic Tests (.slt)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

panic: repeat string array path overflows capacity calculation

1 participant

@Sean-Kenneth-Doherty