Check size of non empty domain before access (#5650)

XanthosXanthopoulos · web-flow · commit 500e7080443d · 2025-10-01T13:04:21.000+03:00
During schema deserialization, when deserializing the `non_empty_domain`
the code depends on the existence of the `sizes` list to decide whether
or not the range is of variable length and access the array without
checking its size.
To make the deserialization more robust and because the serialization
process is not controlled by core (for example an already serialized
schema may be received from a client during a REST call), the size of
the `sizes` list should also be checked before accessing the list.

---
TYPE: BUG 
DESC: Check `non_empty_domain.sizes` size before access
diff --git a/tiledb/sm/serialization/capnp_utils.h b/tiledb/sm/serialization/capnp_utils.h
@@ -511,7 +511,7 @@ std::pair<Status, std::optional<NDRange>> deserialize_non_empty_domain_rv(
         vec[index] = list[index];
       }
 
-      if (non_empty_domain.hasSizes()) {
+      if (non_empty_domain.hasSizes() && non_empty_domain.getSizes().size()) {
         auto sizes = non_empty_domain.getSizes();
         ndRange.emplace_back(vec.data(), vec.size(), sizes[0]);
       } else {
diff --git a/tiledb/sm/serialization/test/unit_capnp_nonempty_domain.cc b/tiledb/sm/serialization/test/unit_capnp_nonempty_domain.cc
@@ -70,3 +70,59 @@ TEST_CASE(
   REQUIRE(status.ok());
   REQUIRE(clone.value()[0].var_size() == false);
 }
+
+TEST_CASE(
+    "Check serialization correctly handles empty sizes",
+    "[nonemptydomain][serialization]") {
+  auto dim = make_shared<Dimension>(
+      HERE(),
+      "index",
+      Datatype::UINT32,
+      tiledb::test::get_test_memory_tracker());
+  uint32_t domain1[2]{1, 64};
+  dim->set_domain(&domain1[0]);
+
+  NDRange nd_list = {dim->domain()};
+
+  // Serialize
+  ::capnp::MallocMessageBuilder message;
+  tiledb::sm::serialization::capnp::NonEmptyDomainList::Builder builder =
+      message.initRoot<tiledb::sm::serialization::capnp::NonEmptyDomainList>();
+  Status st;
+
+  auto nonEmptyDomainListBuilder = builder.initNonEmptyDomains(1);
+
+  for (uint64_t dimIdx = 0; dimIdx < nd_list.size(); ++dimIdx) {
+    const auto& dimNonEmptyDomain = nd_list[dimIdx];
+
+    auto dim_builder = nonEmptyDomainListBuilder[dimIdx];
+    dim_builder.setIsEmpty(dimNonEmptyDomain.empty());
+
+    if (!dimNonEmptyDomain.empty()) {
+      auto subarray_builder = dim_builder.initNonEmptyDomain();
+      st = tiledb::sm::serialization::utils::set_capnp_array_ptr(
+          subarray_builder,
+          tiledb::sm::Datatype::UINT8,
+          dimNonEmptyDomain.data(),
+          dimNonEmptyDomain.size());
+
+      if (dimNonEmptyDomain.start_size() != 0) {
+        // start_size() is non-zero for var-size dimensions
+        auto range_start_sizes = dim_builder.initSizes(1);
+        range_start_sizes.set(0, dimNonEmptyDomain.start_size());
+      } else {
+        // sizes can be empty for non var-size dimensions
+        dim_builder.initSizes(0);
+      }
+    }
+  }
+
+  REQUIRE(st.ok());
+
+  auto&& [status, clone] =
+      tiledb::sm::serialization::utils::deserialize_non_empty_domain_rv(
+          builder);
+
+  REQUIRE(status.ok());
+  REQUIRE(clone.value()[0].var_size() == false);
+}

Original file line number	Diff line number	Diff line change
`@@ -511,7 +511,7 @@ std::pair<Status, std::optional<NDRange>> deserialize_non_empty_domain_rv(`
`511`	`511`	`vec[index] = list[index];`
`512`	`512`	`}`
`513`	`513`
`514`		`- if (non_empty_domain.hasSizes()) {`
	`514`	`+ if (non_empty_domain.hasSizes() && non_empty_domain.getSizes().size()) {`
`515`	`515`	`auto sizes = non_empty_domain.getSizes();`
`516`	`516`	`ndRange.emplace_back(vec.data(), vec.size(), sizes[0]);`
`517`	`517`	`} else {`