Skip to content

fix: resolve Miri UB in null struct field test, re-enable Miri on PRs#3669

Merged
andygrove merged 2 commits intoapache:mainfrom
andygrove:fix/miri-ub-null-struct-field
Mar 11, 2026
Merged

fix: resolve Miri UB in null struct field test, re-enable Miri on PRs#3669
andygrove merged 2 commits intoapache:mainfrom
andygrove:fix/miri-ub-null-struct-field

Conversation

@andygrove
Copy link
Member

@andygrove andygrove commented Mar 11, 2026

Which issue does this PR close?

Closes #3499.

Rationale for this change

The Miri CI workflow on main is failing with undefined behavior in test_append_null_struct_field_to_struct_builder. Additionally, Miri was disabled on PR builds due to an upstream cargo nightly regression that has since been resolved.

What changes are included in this PR?

  • Add bounds-checking debug_assert in SparkUnsafeRow::get_element_offset to catch out-of-bounds element accesses early
  • Fix test_append_null_struct_field_to_struct_builder: the test buffer was only 8 bytes (just the null bitset with no field value slot) and the null bit was unset, so append_field treated the field as non-null and attempted to read 8 bytes past the end of the buffer. Fixed to use 16 bytes with bit 0 set to properly represent a null field.
  • Re-enable Miri on pull_request trigger now that the upstream cargo nightly regression is resolved

How are these changes tested?

The existing test_append_null_struct_field_to_struct_builder test is the fix itself — it was the source of the Miri UB. The debug assertion will cause a panic in debug/test builds if any future test constructs an undersized row buffer.

@andygrove
fix: resolve Miri UB in null struct field test, re-enable Miri on PRs
397f09a 
Add bounds-checking debug_assert in SparkUnsafeRow::get_element_offset
to catch out-of-bounds accesses early.

Fix test_append_null_struct_field_to_struct_builder which had an
undersized 8-byte buffer (only null bitset, no field slot) with null
bit unset, causing an out-of-bounds read in get_long. Use 16 bytes
with bit 0 set to properly represent a null field.

Re-enable Miri on pull_request trigger now that the upstream cargo
nightly regression (apache#3499) is resolved.
@andygrove
Merge branch 'main' into fix/miri-ub-null-struct-field
8e505e6
mbutrovich
mbutrovich approved these changes Mar 11, 2026
View reviewed changes
Copy link
Contributor

@mbutrovich mbutrovich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @andygrove!

@andygrove andygrove merged commit ae8e57c into apache:main Mar 11, 2026
113 checks passed
@andygrove andygrove deleted the fix/miri-ub-null-struct-field branch March 11, 2026 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mbutrovich mbutrovich mbutrovich approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Miri CI broken by nightly-2026-02-12 regression in cargo

2 participants

@andygrove @mbutrovich