Fix float overflow silent truncation to inf and stale serializer cache

- Add FLT_MAX range check in SerFloatType.serialize and
  SerVectorType._serialize_float to raise OverflowError for finite
  values outside float32 range, matching pure-Python struct.pack behavior
- Move column_encryption_policy check before cache lookup in
  PreparedStatement._serializers so it is evaluated on every access

Author: mykaul

cassandra/query.py

@@ -544,16 +544,18 @@ def _serializers(self):
 
         Returns a list of Serializer objects if Cython serializers are available
         and there is no column encryption policy, otherwise returns None.
+
+        The column_encryption_policy check is performed on every access (not
+        cached) so that serializers are correctly bypassed if a policy is set
+        after construction.
         """
+        if self.column_encryption_policy:
+            return None
         try:
             return self.__serializers
         except AttributeError:
             pass
-        if (
-            _HAVE_CYTHON_SERIALIZERS
-            and not self.column_encryption_policy
-            and self.column_metadata
-        ):
+        if _HAVE_CYTHON_SERIALIZERS and self.column_metadata:
             self.__serializers = _cython_make_serializers(
                 [col.type for col in self.column_metadata]
             )

cassandra/serializers.pyx

@@ -29,6 +29,8 @@ cqltype.serialize() classmethod.
 from libc.stdint cimport int32_t, uint32_t
 from libc.string cimport memcpy
 from libc.stdlib cimport malloc, free
+from libc.float cimport FLT_MAX
+from libc.math cimport isinf, isnan
 from cpython.bytes cimport PyBytes_FromStringAndSize
 
 from cassandra import cqltypes
@@ -51,6 +53,24 @@ cdef class Serializer:
         raise NotImplementedError
 
 
+# ---------------------------------------------------------------------------
+# Float range check
+# ---------------------------------------------------------------------------
+
+cdef inline void _check_float_range(double value) except *:
+    """Raise OverflowError for finite values outside float32 range.
+
+    This matches the behavior of struct.pack('>f', value), which raises
+    OverflowError (via struct.error) for values that cannot be represented
+    as a 32-bit IEEE 754 float. inf, -inf, and nan pass through unchanged.
+    """
+    if not isinf(value) and not isnan(value):
+        if value > <double>FLT_MAX or value < -<double>FLT_MAX:
+            raise OverflowError(
+                "Value %r too large for float32 (max %r)" % (value, FLT_MAX)
+            )
+
+
 # ---------------------------------------------------------------------------
 # Scalar serializers
 # ---------------------------------------------------------------------------
@@ -59,6 +79,7 @@ cdef class SerFloatType(Serializer):
     """Serialize a Python float to 4-byte big-endian IEEE 754."""
 
     cpdef bytes serialize(self, object value, int protocol_version):
+        _check_float_range(<double>value)
         cdef float val = <float>value
         cdef char out[4]
         cdef char *src = <char *>&val
@@ -196,6 +217,7 @@ cdef class SerVectorType(Serializer):
 
         try:
             for i in range(self.vector_size):
+                _check_float_range(<double>values[i])
                 val = <float>values[i]
                 src = <char *>&val
                 dst = buf + i * 4