GH-48744: [C++][Parquet] Fix undefined behavior in memcpy with nullptr #48745
+35
−32
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nullptr When ByteArray has len=0 and ptr=nullptr (the default-constructed state), calling std::memcpy with nullptr is undefined behavior according to the C++ standard, even when size is 0. This commit adds guards to check len > 0 before calling memcpy in: - TypedStatisticsImpl<ByteArrayType>::Copy (statistics.cc) - DictDecoderImpl<ByteArrayType>::SetDict (decoder.cc) - Test utilities (statistics_test.cc, column_writer_test.cc) Claude-Generated-By: Claude Code (cli/claude-opus-4-5=100%) Claude-Steers: 1 Claude-Permission-Prompts: 8 Claude-Escapes: 1
|
|
github-actions
bot
added
Component: Parquet
Component: C++
awaiting review
wgtmac
approved these changes
Jan 8, 2026
Member
|
BTW, are there other similar calls in the parquet folder? I just did a quick peek and it seems that arrow/cpp/src/parquet/column_writer.cc Line 919 in fe5e0e5 |
github-actions
bot
added
awaiting committer review
Co-authored-by: Gang Wu <ustcwg@gmail.com>
Author
|
this is getting scattered all the places, so I think we can just provide a |
Introduce a centralized SafeMemcpy function in types.h that guards against calling std::memcpy with nullptr, which is undefined behavior even when size is 0. Replace memcpy calls throughout parquet with SafeMemcpy where the size is dynamic and could be 0 (ByteArray lengths, buffer sizes, RLE sizes). Keep std::memcpy for static sizes (sizeof, FLBA type_length) that are guaranteed > 0.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Rationale for this change
As noted by @wgtmac in #48717 (comment), calling
std::memcpywith a nullptr source is undefined behavior according to the C++ standard, even when the size is 0.When
ByteArrayhaslen=0andptr=nullptr(the default-constructed state pertypes.h:649), the current code invokes UB.What changes are included in this PR?
Added guards to check
len > 0before callingmemcpyin:TypedStatisticsImpl<ByteArrayType>::Copyinstatistics.ccDictDecoderImpl<ByteArrayType>::SetDictindecoder.ccstatistics_test.ccandcolumn_writer_test.ccAre these changes tested?
Existing tests pass. The fix prevents potential UB that sanitizers or optimizing compilers could exploit.
Are there any user-facing changes?
No.