
fix: validate record_count metadata to reject negative values#80

Open
zfarrell wants to merge 3 commits into main from fix/validate-record-count

Conversation

@zfarrell
Contributor

@zfarrell zfarrell commented Mar 1, 2026

Summary

  • Add validated_record_count() function that converts i64 record_count to u64 with proper error handling
  • Assert non-negative record_count in DataFileInfo::new() (negative values indicate a programming error)
  • Validate record_count in TableDeletionsTable before use in delete processing
  • Prevents incorrect behavior from corrupt metadata (e.g., empty ranges in full-file deletes)

Test plan

  • Unit tests for validated_record_count() with positive, zero, negative, and i64::MIN values
  • Unit test for DataFileInfo::new() panicking on negative record_count
  • Unit test for zero record_count succeeding
  • cargo test passes
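As an added illustration of the validation this PR describes (example code, not the project's own; the `InvalidRecordCount` error type, the range helpers and the `DataFileInfo` constructor signature are assumptions), here is a `validated_record_count()` in the described style, with the unvalidated range computation it replaces shown alongside so the "empty range in a full-file delete" failure is visible:

```rust
use std::convert::TryFrom;
use std::fmt;
use std::ops::Range;

/// Error for a record_count in metadata that cannot be a real count.
/// (Assumed error type; the project's real error enum is not shown on the PR page.)
#[derive(Debug, PartialEq)]
pub struct InvalidRecordCount(pub i64);

impl fmt::Display for InvalidRecordCount {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "invalid record_count in metadata: {} (must be non-negative)", self.0)
    }
}

impl std::error::Error for InvalidRecordCount {}

/// Convert the i64 record_count stored in metadata into a u64, rejecting negatives.
/// Follows the validated_file_size() pattern the PR refers to.
pub fn validated_record_count(record_count: i64) -> Result<u64, InvalidRecordCount> {
    u64::try_from(record_count).map_err(|_| InvalidRecordCount(record_count))
}

/// Row range of a full-file delete computed the unvalidated way:
/// a negative count silently yields an empty range, so nothing is deleted.
pub fn unvalidated_full_file_range(record_count: i64) -> Range<i64> {
    0..record_count
}

/// Same range from validated input: corrupt metadata is an error, not an empty delete.
pub fn full_file_range(record_count: i64) -> Result<Range<u64>, InvalidRecordCount> {
    Ok(0..validated_record_count(record_count)?)
}

/// Write-side check: a negative count here is a programming error, so it panics.
#[derive(Debug)]
pub struct DataFileInfo {
    pub record_count: i64,
}

impl DataFileInfo {
    pub fn new(record_count: i64) -> Self {
        assert!(record_count >= 0, "record_count must be non-negative, got {record_count}");
        DataFileInfo { record_count }
    }
}
```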

zfarrell and others added 3 commits February 26, 2026 20:17
- Add validated_record_count() mirroring existing validated_file_size() pattern
- Apply in table_deletions before constructing DeletedRowsExec
- Add assert in DataFileInfo::new() for write-side safety

Found during Feb 2026 security review

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Multiple concurrent tests triggering DuckDB's parquet auto-install
simultaneously caused flaky failures on macOS CI.
