Posted to dev@arrow.apache.org by Andrew Lamb <al...@influxdata.com> on 2021/11/03 21:02:41 UTC

[Rust][Security] Request for Feedback / Review on Array Validation (

TL;DR: does anyone have time for feedback / review on a PR [1] to add
argument validation to ArrayData? I believe it is a necessary (but not
sufficient) step to harden the arrow-rs implementation.

Background:
As many of you may remember, there have been various ongoing discussions[2]
about aspects of the Safety of the Rust Implementation.

One major hole with the existing implementation is the creation of
ArrayData structures without proper input argument validation. In arrow-rs
6.0.0 we updated the API to reflect this (`unsafe ArrayData::new_unchecked`
vs `ArrayData::try_new()`) [2]

The plan was to fill out the validation of `ArrayData::try_new()` to
prevent invalid data, and [1] is a step in that direction.

If there is anything I can do to make it easier to review, please let me
know.

Andrew


[1] https://github.com/apache/arrow-rs/pull/810
[2]
https://lists.apache.org/list?dev@arrow.apache.org:lte=1y:rust%20security
[3] https://github.com/apache/arrow-rs/pull/822
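The split between an `unsafe` unchecked constructor and a checked `try_new` that the post describes, as an added, self-contained example. This is not arrow-rs code and not taken from PR #810: the `ArrayData` struct, the two `DataType` variants, the `int32_buffer` helper and the specific checks (bitmap size, buffer sizes against `offset + len`, and monotonic in-bounds string offsets) are assumptions chosen to illustrate the pattern.

```rust
// Added example (not arrow-rs code): a minimal sketch of the
// `unsafe new_unchecked` / `try_new` split. The struct, DataType
// variants and validation rules below are assumptions for illustration.

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum DataType {
    Int32,
    Utf8,
}

#[derive(Debug, PartialEq)]
pub struct ArrowError(pub String);

#[derive(Debug)]
pub struct ArrayData {
    data_type: DataType,
    len: usize,
    offset: usize,
    null_bitmap: Option<Vec<u8>>,
    buffers: Vec<Vec<u8>>,
}

/// Little-endian i32 at element index `i` of a 4-byte-per-element buffer.
/// Only called after the caller has checked `(i + 1) * 4 <= buf.len()`.
fn read_i32_le(buf: &[u8], i: usize) -> i32 {
    let b = i * 4;
    i32::from_le_bytes([buf[b], buf[b + 1], buf[b + 2], buf[b + 3]])
}

/// Helper (assumed, for this example) to build sample i32 buffers.
pub fn int32_buffer(vals: &[i32]) -> Vec<u8> {
    vals.iter().flat_map(|v| v.to_le_bytes()).collect()
}

impl ArrayData {
    /// Build without checks. The caller promises every buffer covers
    /// `offset + len` elements and every string offset is in bounds;
    /// nothing here verifies it, hence `unsafe`.
    pub unsafe fn new_unchecked(
        data_type: DataType,
        len: usize,
        offset: usize,
        null_bitmap: Option<Vec<u8>>,
        buffers: Vec<Vec<u8>>,
    ) -> Self {
        Self { data_type, len, offset, null_bitmap, buffers }
    }

    /// Build with checks: the invariants accessors later rely on are
    /// verified once, up front, so a caller cannot smuggle in a
    /// too-short buffer or an out-of-range offset.
    pub fn try_new(
        data_type: DataType,
        len: usize,
        offset: usize,
        null_bitmap: Option<Vec<u8>>,
        buffers: Vec<Vec<u8>>,
    ) -> Result<Self, ArrowError> {
        // SAFETY: validate() runs before the value reaches any caller.
        let data = unsafe { Self::new_unchecked(data_type, len, offset, null_bitmap, buffers) };
        data.validate()?;
        Ok(data)
    }

    fn buffer(&self, idx: usize, expected: usize) -> Result<&[u8], ArrowError> {
        if self.buffers.len() != expected {
            return Err(ArrowError(format!(
                "{:?} needs {} buffers, got {}", self.data_type, expected, self.buffers.len()
            )));
        }
        Ok(&self.buffers[idx])
    }

    fn validate(&self) -> Result<(), ArrowError> {
        // A slice is an (offset, len) view, so buffers must cover offset + len.
        let end = self.offset.checked_add(self.len)
            .ok_or_else(|| ArrowError("offset + len overflows usize".into()))?;
        if let Some(bm) = &self.null_bitmap {
            let need = end / 8 + (end % 8 != 0) as usize;
            if bm.len() < need {
                return Err(ArrowError(format!("null bitmap has {} bytes, need {}", bm.len(), need)));
            }
        }
        match self.data_type {
            DataType::Int32 => {
                let values = self.buffer(0, 1)?;
                let need = end.checked_mul(4).ok_or_else(|| ArrowError("byte length overflows".into()))?;
                if values.len() < need {
                    return Err(ArrowError(format!("Int32 values has {} bytes, need {}", values.len(), need)));
                }
            }
            DataType::Utf8 => {
                let offsets = self.buffer(0, 2)?;
                let values = self.buffer(1, 2)?;
                // `len` strings need `len + 1` offsets inside the visible window.
                let need = (end + 1).checked_mul(4).ok_or_else(|| ArrowError("byte length overflows".into()))?;
                if offsets.len() < need {
                    return Err(ArrowError(format!("Utf8 offsets has {} bytes, need {}", offsets.len(), need)));
                }
                // Offsets must be non-negative, non-decreasing, and end inside `values`.
                let mut prev: Option<i32> = None;
                for i in self.offset..=end {
                    let o = read_i32_le(offsets, i);
                    if o < 0 || prev.map_or(false, |p| o < p) || (o as usize) > values.len() {
                        return Err(ArrowError(format!("Utf8 offset[{}] = {} is out of range", i, o)));
                    }
                    prev = Some(o);
                }
            }
        }
        Ok(())
    }
}

fn main() {
    // Constructed sample: two strings "ab" and "c", then a corrupted copy
    // whose last offset points past the end of the value buffer.
    let good = ArrayData::try_new(DataType::Utf8, 2, 0, None,
        vec![int32_buffer(&[0, 2, 3]), b"abc".to_vec()]);
    println!("well-formed accepted: {}", good.is_ok());
    let bad = ArrayData::try_new(DataType::Utf8, 2, 0, None,
        vec![int32_buffer(&[0, 2, 9]), b"abc".to_vec()]);
    println!("corrupt rejected: {:?}", bad.err());
}
```

The point of the shape is that `try_new` is the only safe entry point and it funnels through the same `new_unchecked` that trusted code can call directly, so every invariant is written down once in `validate` and an accessor that later indexes a buffer without a bounds check is relying on exactly those checks; anything `validate` does not cover (here, for instance, whether the bytes are actually valid UTF-8) is still a hole.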

Re: [Rust][Security] Request for Feedback / Review on Array Validation (

Posted by Andrew Lamb <al...@influxdata.com>.
Many thanks to Jörn Horstmann for his feedback on #810. I think this PR is
now ready to go and will plan to do so early next week unless anyone
objects or would like more time to review.

Thanks again,
Andrew
