Decimal{32,64,128,256}::FromString parse the exponent with ParseValue<Int32Type>, so it can be any int32_t including INT32_MIN. DecimalFromString/SimpleDecimalFromString in cpp/src/arrow/util/decimal.cc then compute parsed_scale = -adjusted_exponent + fractional_digits. For an input like 0E-2147483648 the negation of INT32_MIN is signed-integer-overflow UB; a near-INT32_MIN exponent overflows the addition.
UBSan on the expression:
decimal.cc: runtime error: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int')
These are public string-parsing entry points reachable from the CSV/JSON readers when converting decimal columns, so the input crosses a trust boundary.
Decimal{32,64,128,256}::FromStringparse the exponent withParseValue<Int32Type>, so it can be anyint32_tincludingINT32_MIN.DecimalFromString/SimpleDecimalFromStringincpp/src/arrow/util/decimal.ccthen computeparsed_scale = -adjusted_exponent + fractional_digits. For an input like0E-2147483648the negation ofINT32_MINis signed-integer-overflow UB; a near-INT32_MINexponent overflows the addition.UBSan on the expression:
These are public string-parsing entry points reachable from the CSV/JSON readers when converting decimal columns, so the input crosses a trust boundary.