Many thanks to Jörn Horstmann for his feedback on #810. I think this PR is now ready to go and will plan to do so early next week unless anyone objects or would like more time to review.
Thanks again,
Andrew

On Wed, Nov 3, 2021 at 5:02 PM Andrew Lamb <al...@influxdata.com> wrote:

> TL;DR: does anyone have time for feedback / review on a PR [1] to add
> argument validation to ArrayData? I believe it is a necessary (but not
> sufficient) step to harden the arrow-rs implementation
>
> Background:
> As many of you may remember, there have been various ongoing
> discussions[2] about aspects of the Safety of the Rust Implementation.
>
> One major hole with the existing implementation is the creation of
> ArrayData structures without proper input argument validation. In
> arrow-rs 6.0.0 we updated the API to reflect this
> (`unsafe ArrayData::new_unchecked` vs `ArrayData::try_new()`) [2]
>
> The plan was to fill out the validation of `ArrayData::try_new()` to
> prevent invalid data, and [1] is a step in that direction.
>
> If there is anything I can do to make it easier to review, please let me
> know.
>
> Andrew
>
> [1] https://github.com/apache/arrow-rs/pull/810
> [2] https://lists.apache.org/list?dev@arrow.apache.org:lte=1y:rust%20security
> [3] https://github.com/apache/arrow-rs/pull/822