Skip to content

fix: Integer overflow in range filter boundary conversion (#17216)#17216

Closed
peterenescu wants to merge 1 commit intofacebookincubator:mainfrom
peterenescu:export-D101039167
Closed

fix: Integer overflow in range filter boundary conversion (#17216)#17216
peterenescu wants to merge 1 commit intofacebookincubator:mainfrom
peterenescu:export-D101039167

Conversation

@peterenescu
Copy link
Copy Markdown
Contributor

@peterenescu peterenescu commented Apr 16, 2026
edited by meta-codesync Bot
Loading

Summary:

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Reviewed By: Yuhta

Differential Revision: D101039167

@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 16, 2026
edited
Loading

Deploy Preview for meta-velox canceled.

Name Link
🔨 Latest commit 9efd125
🔍 Latest deploy log https://app.netlify.com/projects/meta-velox/deploys/69e68bd3251696000856607b

@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Apr 16, 2026
@meta-codesync
Copy link
Copy Markdown

meta-codesync Bot commented Apr 16, 2026

@peterenescu has exported this pull request. If you are a Meta employee, you can view the originating Diff in D101039167.

@meta-codesync meta-codesync Bot changed the title Fix integer overflow in range filter boundary conversion fix: Integer overflow in range filter boundary conversion (#17216) Apr 16, 2026
peterenescu added a commit to peterenescu/velox that referenced this pull request Apr 16, 2026
@peterenescu @facebook-github-bot
fix: Integer overflow in range filter boundary conversion (facebookin…
5217e8e 
…cubator#17216)

Summary:

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Differential Revision: D101039167
@peterenescu peterenescu force-pushed the export-D101039167 branch 2 times, most recently from 5217e8e to a921885 Compare April 16, 2026 18:48
peterenescu added a commit to peterenescu/velox that referenced this pull request Apr 16, 2026
@peterenescu @facebook-github-bot
fix: Integer overflow in range filter boundary conversion (facebookin…
a921885 
…cubator#17216)

Summary:

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Differential Revision: D101039167
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 16, 2026

CI Failure Analysis

❌ Expression Fuzzer with Presto SOT — FUZZER Failure View logs

Fuzzer: Presto Expression Fuzzer with Presto as source of truth
Failed instance: 4 of 4 (seed=734102844)

Error: Velox and reference DB (Presto) results don't match

File: velox/exec/tests/utils/QueryAssertions.cpp:1119
Function: verify (velox/expression/tests/ExpressionVerifier.cpp:475)

Expected 100 rows, got 100 rows
4 extra rows (Velox result), 4 missing rows (Presto result)

The difference is in a single BIGINT value within array columns:
  Velox produced:  7699315252284262411
  Presto produced: 7699315267029862411
  Difference:      14745600000

All 4 mismatched rows contain this same value discrepancy in the same
array position, suggesting a deterministic computation difference
rather than a random/flaky issue.

Correlation with PR changes:

  • This PR modifies ExprToSubfieldFilter.h/.cpp to fix integer overflow in range filter boundary conversion (lessThan, greaterThan, lessThanHugeint, greaterThanHugeint, and timestamp variants).
  • The expression fuzzer tests random expression evaluation against Presto as a source of truth. The fuzzer exercises the general expression evaluation path, not the filter pushdown path that this PR modifies.
  • The result mismatch is a specific BIGINT value difference in array elements, which does not relate to the range filter boundary conversion changes in this PR.
  • This failure appears unrelated to the PR changes.

Known issues:

  • No open issue found tracking this specific failure.
  • The last 4 completed "Fuzzer Jobs" runs on main all had the "Expression Fuzzer with Presto SOT" job passing (run IDs: 24527876834, 24519029200, 24507099496, 24493973781).
  • This could be a newly surfaced flaky fuzzer issue or a rare non-deterministic mismatch between Velox and Presto. Since the fuzzer uses random seeds, this particular seed may exercise a code path that exposes a pre-existing discrepancy.

Reproduce locally:

./velox_expression_fuzzer_test \
    --seed 734102844 \
    --enable_variadic_signatures \
    --velox_fuzzer_enable_complex_types \
    --lazy_vector_generation_ratio 0.2 \
    --common_dictionary_wraps_generation_ratio=0.3 \
    --velox_fuzzer_enable_column_reuse \
    --velox_fuzzer_enable_expression_reuse \
    --enable_dereference \
    --duration_sec 300 \
    --special_forms="cast,coalesce,if" \
    --velox_fuzzer_max_level_of_nesting=1 \
    --presto_url=http://127.0.0.1:8080

Note: Requires a running Presto server on port 8080.

Recommended action:

  • This failure is likely unrelated to this PR. Consider re-running the fuzzer job to confirm.
  • If the failure reproduces consistently with seed 734102844, it may indicate a pre-existing Velox-vs-Presto discrepancy worth investigating separately.

peterenescu added a commit to peterenescu/velox that referenced this pull request Apr 17, 2026
@peterenescu @facebook-github-bot
fix: Integer overflow in range filter boundary conversion (facebookin…
053741e 
…cubator#17216)

Summary:

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Differential Revision: D101039167
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026
edited
Loading

Build Impact Analysis

Selective Build Targets (building these covers all 386 affected)

cmake --build _build/release --target aggregate_companion_functions_test physical_size_aggregator_test presto_sql_test spark_aggregation_fuzzer_test spark_expression_fuzzer_test velox_abfs_test velox_aggregates_GeometryAggregateTest velox_aggregates_reduce_agg_bm velox_aggregates_simple_aggregates_bm velox_aggregates_string_keys_bm velox_aggregates_test_group0 velox_aggregates_test_group1 velox_aggregates_test_group2 velox_aggregates_test_group3 velox_aggregates_test_group4 velox_aggregation_fuzzer_test velox_aggregation_runner_test velox_benchmark_array_writer_no_nulls velox_benchmark_array_writer_with_nulls velox_benchmark_basic_comparison_conjunct velox_benchmark_basic_decoded_vector velox_benchmark_basic_preproc velox_benchmark_basic_selectivity_vector velox_benchmark_basic_simple_arithmetic velox_benchmark_basic_simple_cast velox_benchmark_basic_vector_compare velox_benchmark_basic_vector_fuzzer velox_benchmark_basic_vector_slice velox_benchmark_estimate_flat_size velox_benchmark_expr_flat_no_nulls velox_benchmark_feature_normalization velox_benchmark_map_writer_no_nulls velox_benchmark_map_writer_with_nulls velox_benchmark_nested_array_writer_no_nulls velox_benchmark_nested_array_writer_with_nulls velox_cache_fuzzer velox_cast_benchmark velox_common_compression_test velox_common_geospatial_serde_test velox_common_test velox_constrained_input_generators_test velox_constrained_vector_generator_test velox_core_test velox_driver_test velox_duckdb_conversion_test velox_dwio_arrow_parquet_writer_test velox_dwio_cache_test velox_dwio_common_bitpack_decoder_benchmark velox_dwio_common_data_buffer_benchmark velox_dwio_common_int_decoder_benchmark velox_dwio_common_test velox_dwio_dwrf_buffered_output_stream_test velox_dwio_dwrf_byte_rle_encoder_test velox_dwio_dwrf_byte_rle_test velox_dwio_dwrf_checksum_test velox_dwio_dwrf_column_reader_test velox_dwio_dwrf_column_statistics_test velox_dwio_dwrf_compression_test velox_dwio_dwrf_config_test velox_dwio_dwrf_data_buffer_holder_test velox_dwio_dwrf_decompression_test velox_dwio_dwrf_decryption_test velox_dwio_dwrf_dictionary_encoder_test velox_dwio_dwrf_dictionary_encoding_utils_test velox_dwio_dwrf_encoding_selector_test velox_dwio_dwrf_encryption_test velox_dwio_dwrf_flush_policy_test velox_dwio_dwrf_index_builder_test velox_dwio_dwrf_int_direct_test velox_dwio_dwrf_int_encoder_test velox_dwio_dwrf_layout_planner_test velox_dwio_dwrf_ratio_checker_test velox_dwio_dwrf_reader_base_test velox_dwio_dwrf_reader_test velox_dwio_dwrf_rle_test velox_dwio_dwrf_rlev1_encoder_test velox_dwio_dwrf_stream_labels_test velox_dwio_dwrf_stripe_dictionary_cache_test velox_dwio_dwrf_stripe_reader_base_test velox_dwio_dwrf_stripe_stream_test velox_dwio_dwrf_utils_test velox_dwio_dwrf_writer_context_test velox_dwio_dwrf_writer_encoding_manager_test velox_dwio_dwrf_writer_sink_test velox_dwio_dwrf_writer_test velox_dwio_iceberg_reader_benchmark velox_dwio_orc_column_statistics_test velox_dwio_orc_reader_filter_test velox_dwio_orc_reader_test velox_dwio_parquet_common_test velox_dwio_parquet_page_reader_test velox_dwio_parquet_reader_benchmark velox_dwio_parquet_reader_test velox_dwio_parquet_rlebp_decoder_test velox_dwio_parquet_structure_decoder_benchmark velox_dwio_parquet_structure_decoder_test velox_dwio_parquet_table_scan_test velox_dwio_parquet_thrift_test velox_dwio_parquet_tpch_test velox_dwrf_column_writer_index_test velox_dwrf_column_writer_stats_test velox_dwrf_column_writer_test velox_dwrf_e2e_filter_test velox_dwrf_e2e_reader_test velox_dwrf_e2e_writer_test velox_dwrf_float_column_writer_benchmark velox_dwrf_int_encoder_benchmark velox_dwrf_statistics_builder_utils_test velox_dwrf_writer_extended_test velox_dwrf_writer_flush_test velox_example_expression_eval velox_example_opaque_type velox_example_operator_extensibility velox_example_scan_orc velox_example_simple_functions velox_example_vector_reader_writer velox_exchange_benchmark velox_exchange_fuzzer velox_exec_SpatialJoinTest velox_exec_bm_duplicate_project velox_exec_infra_test velox_exec_prefixsort_test velox_exec_test_group0 velox_exec_test_group1 velox_exec_test_group2 velox_exec_test_group3 velox_exec_test_group4 velox_exec_test_group5 velox_exec_test_group6 velox_exec_test_group7 velox_exec_util_test_group0 velox_exec_vector_hasher_benchmark velox_expression_fuzzer_test velox_expression_fuzzer_unit_test velox_expression_runner_test velox_expression_runner_unit_test velox_expression_test velox_expression_verifier_unit_test velox_filemetadata_test velox_filter_project_benchmark velox_format_datetime_benchmark velox_function_dynamic_link_test velox_function_registry_test velox_functions_aggregates_test velox_functions_benchmarks_compare velox_functions_benchmarks_row_writer_no_nulls velox_functions_benchmarks_simdjson_function_with_expr velox_functions_benchmarks_string_writer_no_nulls velox_functions_benchmarks_url velox_functions_iceberg_test velox_functions_json_test velox_functions_lib_test velox_functions_prestosql_benchmarks_array_contains velox_functions_prestosql_benchmarks_array_min_max velox_functions_prestosql_benchmarks_array_position velox_functions_prestosql_benchmarks_array_sum velox_functions_prestosql_benchmarks_bitwise velox_functions_prestosql_benchmarks_cardinality velox_functions_prestosql_benchmarks_comparisons velox_functions_prestosql_benchmarks_concat velox_functions_prestosql_benchmarks_date_time velox_functions_prestosql_benchmarks_field_reference velox_functions_prestosql_benchmarks_generic velox_functions_prestosql_benchmarks_in velox_functions_prestosql_benchmarks_map_concat velox_functions_prestosql_benchmarks_map_input velox_functions_prestosql_benchmarks_map_subscript velox_functions_prestosql_benchmarks_map_zip_with velox_functions_prestosql_benchmarks_not velox_functions_prestosql_benchmarks_regexp_replace velox_functions_prestosql_benchmarks_row velox_functions_prestosql_benchmarks_string_ascii_utf_functions velox_functions_prestosql_benchmarks_uuid_cast velox_functions_prestosql_benchmarks_width_bucket velox_functions_prestosql_benchmarks_zip velox_functions_prestosql_benchmarks_zip_with velox_functions_spark_aggregates_test velox_functions_spark_test velox_functions_test velox_fuzzer_connector_test velox_gcs_file_test velox_gcs_insert_test velox_gcs_multiendpoints_test velox_gcsfile_example velox_hash_benchmark velox_hash_join_build_benchmark velox_hash_join_list_result_benchmark velox_hash_join_prepare_join_table_benchmark velox_hdfs_file_test velox_hdfs_insert_test velox_hive_connector_test velox_hive_iceberg_deletion_vector_test velox_hive_iceberg_deletion_vector_writer_test velox_hive_iceberg_dwrf_insert_test velox_hive_iceberg_equality_delete_test velox_hive_iceberg_insert_test velox_hive_iceberg_test velox_hive_paimon_connector velox_hive_paimon_data_file_meta_test velox_hive_paimon_deletion_file_test velox_hive_paimon_row_kind_test velox_hive_paimon_split_test velox_hive_partition_function_benchmark velox_in_10_min_demo velox_join_fuzzer velox_key_encoder_test velox_like_benchmark velox_like_tpch_benchmark velox_mark_distinct_fuzzer velox_mark_sorted_benchmark velox_memory_arbitration_fuzzer velox_memory_test velox_merge_benchmark velox_numeric_upcast_benchmark velox_orderby_benchmark velox_parquet_e2e_filter_test velox_parquet_writer_sink_test velox_parquet_writer_test velox_parse_test velox_prefixsort_benchmark velox_presto_type_parser_test velox_presto_types_fuzzer_utils_test velox_presto_types_test velox_prestosql_coverage velox_query_replayer velox_re2_functions_benchmarks velox_read_benchmark velox_row_number_fuzzer velox_row_serializer_benchmark velox_row_test velox_rpc_operator_test velox_s3config_test velox_s3file_test velox_s3finalize_test velox_s3insert_test velox_s3metrics_test velox_s3multiendpoints_test velox_s3read_test velox_s3registration_test velox_serializer_benchmark velox_serializer_test_group0 velox_simple_aggregate_test velox_sort_benchmark velox_spark_function_registry_test velox_spark_query_runner_test velox_spark_types_test velox_spark_windows_test velox_sparksql_benchmarks_cast velox_sparksql_benchmarks_compare velox_sparksql_benchmarks_from_json velox_sparksql_benchmarks_get_funcs velox_sparksql_benchmarks_hash velox_sparksql_benchmarks_in velox_sparksql_benchmarks_simd_compare velox_sparksql_benchmarks_split velox_sparksql_coverage velox_spatial_join_benchmark velox_spatial_join_fuzzer velox_spiller_aggregate_benchmark velox_spiller_join_benchmark velox_streaming_aggregation_benchmark velox_table_evolution_fuzzer_test velox_test_util_test velox_text_reader_test velox_text_writer_test velox_tool_trace_test velox_topn_row_number_fuzzer velox_tpcds_connector_test velox_tpch_benchmark velox_tpch_connector_test velox_tpch_speed_test velox_trace_file_tool velox_type_test velox_unsafe_row_serialize_benchmark velox_vector_fuzzer_test velox_vector_test velox_wave_benchmark velox_wave_exec_test velox_window_fuzzer_test velox_window_prefixsort_benchmark velox_window_sub_partitioned_sort_benchmark velox_windows_agg_test velox_windows_rank_test velox_windows_value_test velox_writer_fuzzer_test

Total affected: 386/567 targets

Affected targets (386)

Directly changed (10)

Target Changed Files
velox_dwio_common ExprToSubfieldFilter.h
velox_dwio_common_test_utils ExprToSubfieldFilter.h
velox_dwio_parquet_reader_test ExprToSubfieldFilter.h
velox_exec_test_group6 ExprToSubfieldFilter.h
velox_exec_test_lib ExprToSubfieldFilter.h
velox_expression ExprToSubfieldFilter.cpp, ExprToSubfieldFilter.h
velox_expression_test ExprToSubfieldFilter.h, ExprToSubfieldFilterTest.cpp
velox_hive_connector ExprToSubfieldFilter.h
velox_hive_connector_test ExprToSubfieldFilter.h
velox_type_test ExprToSubfieldFilter.h, FilterTest.cpp

Transitively affected (376)

  • aggregate_companion_functions_test
  • physical_size_aggregator_test
  • presto_sql_test
  • spark_aggregation_fuzzer_test
  • spark_expression_fuzzer_test
  • velox_abfs_test
  • velox_aggregates
  • velox_aggregates_GeometryAggregateTest
  • velox_aggregates_reduce_agg_bm
  • velox_aggregates_simple_aggregates_bm
  • velox_aggregates_string_keys_bm
  • velox_aggregates_test_group0
  • velox_aggregates_test_group1
  • velox_aggregates_test_group2
  • velox_aggregates_test_group3
  • velox_aggregates_test_group4
  • velox_aggregation_fuzzer
  • velox_aggregation_fuzzer_base
  • velox_aggregation_fuzzer_test
  • velox_aggregation_result_verifier
  • velox_aggregation_runner_test
  • velox_async_rpc_function_registry
  • velox_benchmark_array_writer_no_nulls
  • velox_benchmark_array_writer_with_nulls
  • velox_benchmark_basic_comparison_conjunct
  • velox_benchmark_basic_decoded_vector
  • velox_benchmark_basic_preproc
  • velox_benchmark_basic_selectivity_vector
  • velox_benchmark_basic_simple_arithmetic
  • velox_benchmark_basic_simple_cast
  • velox_benchmark_basic_vector_compare
  • velox_benchmark_basic_vector_fuzzer
  • velox_benchmark_basic_vector_slice
  • velox_benchmark_builder
  • velox_benchmark_estimate_flat_size
  • velox_benchmark_expr_flat_no_nulls
  • velox_benchmark_feature_normalization
  • velox_benchmark_map_writer_no_nulls
  • velox_benchmark_map_writer_with_nulls
  • velox_benchmark_nested_array_writer_no_nulls
  • velox_benchmark_nested_array_writer_with_nulls
  • velox_cache_fuzzer
  • velox_cache_fuzzer_lib
  • velox_cast_benchmark
  • velox_common_compression_test
  • velox_common_geospatial_serde
  • velox_common_geospatial_serde_test
  • velox_common_test
  • velox_constrained_input_generators
  • velox_constrained_input_generators_test
  • velox_constrained_vector_generator
  • velox_constrained_vector_generator_test
  • velox_core_test
  • velox_coverage_util
  • velox_cursor
  • velox_driver_test
  • velox_duckdb_conversion_test
  • velox_duckdb_parser
  • velox_dwio_arrow_parquet_writer
  • velox_dwio_arrow_parquet_writer_lib
  • velox_dwio_arrow_parquet_writer_test
  • velox_dwio_arrow_parquet_writer_test_lib
  • velox_dwio_arrow_parquet_writer_util_lib
  • velox_dwio_cache_test
  • velox_dwio_common_bitpack_decoder_benchmark
  • velox_dwio_common_compression
  • velox_dwio_common_data_buffer_benchmark
  • velox_dwio_common_int_decoder_benchmark
  • velox_dwio_common_test
  • velox_dwio_dwrf_buffered_output_stream_test
  • velox_dwio_dwrf_byte_rle_encoder_test
  • velox_dwio_dwrf_byte_rle_test
  • velox_dwio_dwrf_checksum_test
  • velox_dwio_dwrf_column_reader_test
  • velox_dwio_dwrf_column_statistics_test
  • velox_dwio_dwrf_common
  • velox_dwio_dwrf_compression_test
  • velox_dwio_dwrf_config_test
  • velox_dwio_dwrf_data_buffer_holder_test
  • velox_dwio_dwrf_decompression_test
  • velox_dwio_dwrf_decryption_test
  • velox_dwio_dwrf_dictionary_encoder_test
  • velox_dwio_dwrf_dictionary_encoding_utils_test
  • velox_dwio_dwrf_encoding_selector_test
  • velox_dwio_dwrf_encryption_test
  • velox_dwio_dwrf_flush_policy_test
  • velox_dwio_dwrf_index_builder_test
  • velox_dwio_dwrf_int_direct_test
  • velox_dwio_dwrf_int_encoder_test
  • velox_dwio_dwrf_layout_planner_test
  • velox_dwio_dwrf_ratio_checker_test
  • velox_dwio_dwrf_reader
  • velox_dwio_dwrf_reader_base_test
  • velox_dwio_dwrf_reader_test
  • velox_dwio_dwrf_rle_test
  • velox_dwio_dwrf_rlev1_encoder_test
  • velox_dwio_dwrf_stream_labels_test
  • velox_dwio_dwrf_stripe_dictionary_cache_test
  • velox_dwio_dwrf_stripe_reader_base_test
  • velox_dwio_dwrf_stripe_stream_test
  • velox_dwio_dwrf_utils
  • velox_dwio_dwrf_utils_test
  • velox_dwio_dwrf_writer
  • velox_dwio_dwrf_writer_context_test
  • velox_dwio_dwrf_writer_encoding_manager_test
  • velox_dwio_dwrf_writer_sink_test
  • velox_dwio_dwrf_writer_test
  • velox_dwio_faulty_file_sink
  • velox_dwio_iceberg_reader_benchmark
  • velox_dwio_iceberg_reader_benchmark_lib
  • velox_dwio_native_parquet_reader
  • velox_dwio_orc_column_statistics_test
  • velox_dwio_orc_reader
  • velox_dwio_orc_reader_filter_test
  • velox_dwio_orc_reader_test
  • velox_dwio_parquet_common
  • velox_dwio_parquet_common_test
  • velox_dwio_parquet_page_reader_test
  • velox_dwio_parquet_reader
  • velox_dwio_parquet_reader_benchmark
  • velox_dwio_parquet_reader_benchmark_lib
  • velox_dwio_parquet_rlebp_decoder_test
  • velox_dwio_parquet_structure_decoder_benchmark
  • velox_dwio_parquet_structure_decoder_test
  • velox_dwio_parquet_table_scan_test
  • velox_dwio_parquet_thrift_test
  • velox_dwio_parquet_tpch_test
  • velox_dwio_parquet_writer
  • velox_dwio_text_reader
  • velox_dwio_text_reader_register
  • velox_dwio_text_writer
  • velox_dwio_text_writer_register
  • velox_dwrf_column_writer_index_test
  • velox_dwrf_column_writer_stats_test
  • velox_dwrf_column_writer_test
  • velox_dwrf_e2e_filter_test
  • velox_dwrf_e2e_reader_test
  • velox_dwrf_e2e_writer_test
  • velox_dwrf_float_column_writer_benchmark
  • velox_dwrf_int_encoder_benchmark
  • velox_dwrf_statistics_builder_utils_test
  • velox_dwrf_test_utils
  • velox_dwrf_writer_extended_test
  • velox_dwrf_writer_flush_test
  • velox_example_expression_eval
  • velox_example_opaque_type
  • velox_example_operator_extensibility
  • velox_example_scan_orc
  • velox_example_simple_functions
  • velox_example_vector_reader_writer
  • velox_exchange_benchmark
  • velox_exchange_fuzzer
  • velox_exec
  • velox_exec_SpatialJoinTest
  • velox_exec_bm_duplicate_project
  • velox_exec_infra_test
  • velox_exec_prefixsort_test
  • velox_exec_test_group0
  • velox_exec_test_group1
  • velox_exec_test_group2
  • velox_exec_test_group3
  • velox_exec_test_group4
  • velox_exec_test_group5
  • velox_exec_test_group7
  • velox_exec_util_test_group0
  • velox_exec_vector_hasher_benchmark
  • velox_expression_fuzzer
  • velox_expression_fuzzer_test
  • velox_expression_fuzzer_test_utility
  • velox_expression_fuzzer_unit_test
  • velox_expression_runner
  • velox_expression_runner_test
  • velox_expression_runner_unit_test
  • velox_expression_test_utility
  • velox_expression_verifier
  • velox_expression_verifier_unit_test
  • velox_filemetadata_test
  • velox_filter_project_benchmark
  • velox_format_datetime_benchmark
  • velox_function_dynamic_link_test
  • velox_function_registry
  • velox_function_registry_test
  • velox_functions_aggregates
  • velox_functions_aggregates_test
  • velox_functions_aggregates_test_lib
  • velox_functions_benchmarks_compare
  • velox_functions_benchmarks_row_writer_no_nulls
  • velox_functions_benchmarks_simdjson_function_with_expr
  • velox_functions_benchmarks_string_writer_no_nulls
  • velox_functions_benchmarks_url
  • velox_functions_geo
  • velox_functions_iceberg
  • velox_functions_iceberg_test
  • velox_functions_json
  • velox_functions_json_test
  • velox_functions_lib
  • velox_functions_lib_test
  • velox_functions_prestosql
  • velox_functions_prestosql_benchmarks_array_contains
  • velox_functions_prestosql_benchmarks_array_min_max
  • velox_functions_prestosql_benchmarks_array_position
  • velox_functions_prestosql_benchmarks_array_sum
  • velox_functions_prestosql_benchmarks_bitwise
  • velox_functions_prestosql_benchmarks_cardinality
  • velox_functions_prestosql_benchmarks_comparisons
  • velox_functions_prestosql_benchmarks_concat
  • velox_functions_prestosql_benchmarks_date_time
  • velox_functions_prestosql_benchmarks_field_reference
  • velox_functions_prestosql_benchmarks_generic
  • velox_functions_prestosql_benchmarks_in
  • velox_functions_prestosql_benchmarks_map_concat
  • velox_functions_prestosql_benchmarks_map_input
  • velox_functions_prestosql_benchmarks_map_subscript
  • velox_functions_prestosql_benchmarks_map_zip_with
  • velox_functions_prestosql_benchmarks_not
  • velox_functions_prestosql_benchmarks_regexp_replace
  • velox_functions_prestosql_benchmarks_row
  • velox_functions_prestosql_benchmarks_string_ascii_utf_functions
  • velox_functions_prestosql_benchmarks_uuid_cast
  • velox_functions_prestosql_benchmarks_width_bucket
  • velox_functions_prestosql_benchmarks_zip
  • velox_functions_prestosql_benchmarks_zip_with
  • velox_functions_prestosql_impl
  • velox_functions_spark
  • velox_functions_spark_aggregates
  • velox_functions_spark_aggregates_test
  • velox_functions_spark_impl
  • velox_functions_spark_specialforms
  • velox_functions_spark_test
  • velox_functions_spark_window
  • velox_functions_test
  • velox_functions_test_lib
  • velox_functions_window
  • velox_functions_window_test_lib
  • velox_fuzzer_connector
  • velox_fuzzer_connector_test
  • velox_fuzzer_util
  • velox_gcs
  • velox_gcs_file_test
  • velox_gcs_insert_test
  • velox_gcs_multiendpoints_test
  • velox_gcsfile_example
  • velox_hash_benchmark
  • velox_hash_join_build_benchmark
  • velox_hash_join_list_result_benchmark
  • velox_hash_join_prepare_join_table_benchmark
  • velox_hdfs
  • velox_hdfs_file_test
  • velox_hdfs_insert_test
  • velox_hive_iceberg_deletion_vector_test
  • velox_hive_iceberg_deletion_vector_writer_test
  • velox_hive_iceberg_dwrf_insert_test
  • velox_hive_iceberg_equality_delete_test
  • velox_hive_iceberg_insert_test
  • velox_hive_iceberg_splitreader
  • velox_hive_iceberg_test
  • velox_hive_paimon_connector
  • velox_hive_paimon_data_file_meta_test
  • velox_hive_paimon_deletion_file_test
  • velox_hive_paimon_row_kind_test
  • velox_hive_paimon_split
  • velox_hive_paimon_split_test
  • velox_hive_partition_function
  • velox_hive_partition_function_benchmark
  • velox_in_10_min_demo
  • velox_is_null_functions
  • velox_join_fuzzer
  • velox_key_encoder_test
  • velox_like_benchmark
  • velox_like_tpch_benchmark
  • velox_mark_distinct_fuzzer
  • velox_mark_distinct_fuzzer_lib
  • velox_mark_sorted_benchmark
  • velox_memory_arbitration_fuzzer
  • velox_memory_test
  • velox_merge_benchmark
  • velox_numeric_upcast_benchmark
  • velox_orderby_benchmark
  • velox_orderby_benchmark_util
  • velox_parquet_e2e_filter_test
  • velox_parquet_writer_sink_test
  • velox_parquet_writer_test
  • velox_parse_expression
  • velox_parse_parser
  • velox_parse_test
  • velox_parse_utils
  • velox_prefixsort_benchmark
  • velox_presto_type_parser_test
  • velox_presto_types
  • velox_presto_types_fuzzer_utils
  • velox_presto_types_fuzzer_utils_test
  • velox_presto_types_test
  • velox_prestosql_coverage
  • velox_query_benchmark
  • velox_query_replayer
  • velox_query_trace_replayer_base
  • velox_re2_functions_benchmarks
  • velox_read_benchmark
  • velox_row_number_fuzzer
  • velox_row_number_fuzzer_lib
  • velox_row_serializer_benchmark
  • velox_row_test
  • velox_rpc_function_stubs
  • velox_rpc_operator
  • velox_rpc_operator_test
  • velox_rpc_plan_node_translator
  • velox_s3config_test
  • velox_s3file_test
  • velox_s3finalize_test
  • velox_s3fs
  • velox_s3insert_test
  • velox_s3metrics_test
  • velox_s3multiendpoints_test
  • velox_s3read_test
  • velox_s3registration_test
  • velox_serializer_benchmark
  • velox_serializer_test_group0
  • velox_simple_aggregate
  • velox_simple_aggregate_test
  • velox_sort_benchmark
  • velox_spark_function_registry_test
  • velox_spark_query_runner
  • velox_spark_query_runner_test
  • velox_spark_types
  • velox_spark_types_test
  • velox_spark_windows_test
  • velox_sparksql_benchmarks_cast
  • velox_sparksql_benchmarks_compare
  • velox_sparksql_benchmarks_from_json
  • velox_sparksql_benchmarks_get_funcs
  • velox_sparksql_benchmarks_hash
  • velox_sparksql_benchmarks_in
  • velox_sparksql_benchmarks_simd_compare
  • velox_sparksql_benchmarks_split
  • velox_sparksql_coverage
  • velox_spatial_join_benchmark
  • velox_spatial_join_fuzzer
  • velox_spill_fuzzer_base_lib
  • velox_spiller_aggregate_benchmark
  • velox_spiller_aggregate_benchmark_base
  • velox_spiller_join_benchmark
  • velox_spiller_join_benchmark_base
  • velox_streaming_aggregation_benchmark
  • velox_table_evolution_fuzzer_test
  • velox_test_util_test
  • velox_text_reader_test
  • velox_text_writer_test
  • velox_tool_trace_test
  • velox_topn_row_number_fuzzer
  • velox_topn_row_number_fuzzer_lib
  • velox_tpcds_connector_test
  • velox_tpch_benchmark
  • velox_tpch_benchmark_lib
  • velox_tpch_connector
  • velox_tpch_connector_test
  • velox_tpch_speed_test
  • velox_trace_file_tool
  • velox_trace_file_tool_base
  • velox_unsafe_row_serialize_benchmark
  • velox_vector_fuzzer
  • velox_vector_fuzzer_test
  • velox_vector_test
  • velox_wave_benchmark
  • velox_wave_exec
  • velox_wave_exec_test
  • velox_wave_mock_reader
  • velox_window
  • velox_window_fuzzer
  • velox_window_fuzzer_test
  • velox_window_prefixsort_benchmark
  • velox_window_sub_partitioned_sort_benchmark
  • velox_windows_agg_test
  • velox_windows_rank_test
  • velox_windows_value_test
  • velox_writer_fuzzer
  • velox_writer_fuzzer_test

Fast path • Graph from main@ab3eea6015c1dc0c2f36864080c02d03859546be

peterenescu added a commit to peterenescu/velox that referenced this pull request Apr 17, 2026
@peterenescu @meta-codesync
fix: Integer overflow in range filter boundary conversion (facebookin…
537d721 
…cubator#17216)

Summary:
Pull Request resolved: facebookincubator#17216

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Differential Revision: D101039167
peterenescu added a commit to peterenescu/velox that referenced this pull request Apr 20, 2026
@peterenescu @facebook-github-bot
fix: Integer overflow in range filter boundary conversion (facebookin…
ecc7597 
…cubator#17216)

Summary:

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Reviewed By: Yuhta

Differential Revision: D101039167
peterenescu added a commit to peterenescu/velox that referenced this pull request Apr 20, 2026
@peterenescu @facebook-github-bot
fix: Integer overflow in range filter boundary conversion (facebookin…
87b1617 
…cubator#17216)

Summary:

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Reviewed By: Yuhta

Differential Revision: D101039167
@peterenescu @meta-codesync
fix: Integer overflow in range filter boundary conversion (facebookin…
9efd125 
…cubator#17216)

Summary:
Pull Request resolved: facebookincubator#17216

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Reviewed By: Yuhta

Differential Revision: D101039167
@meta-codesync meta-codesync Bot closed this in f1c6510 Apr 20, 2026
@meta-codesync
Copy link
Copy Markdown

meta-codesync Bot commented Apr 20, 2026

This pull request has been merged in f1c6510.

shrshi pushed a commit to patdevinwilson/velox that referenced this pull request Apr 23, 2026
@peterenescu @shrshi
fix: Integer overflow in range filter boundary conversion (facebookin…
09d74bf 
…cubator#17216)

Summary:
Pull Request resolved: facebookincubator#17216

When converting exclusive bounds to inclusive bounds for BigintRange, HugeintRange, and TimestampRange filters, the code unconditionally increments/decrements the boundary value. This overflows when the value is at the type limit (e.g., greaterThan(INT64_MAX) computes INT64_MAX + 1, which wraps to INT64_MIN, creating a range that matches everything instead of nothing). Guard against overflow by returning AlwaysFalse (or IsNull when nulls are allowed) when the boundary is at the type limit. This fixes incorrect query results for filters like WHERE col > 9223372036854775807.

Reviewed By: Yuhta

Differential Revision: D101039167

fbshipit-source-id: fdaddc66c7fb91c079c3dab136b76fc1eafead6e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Yuhta Yuhta Yuhta approved these changes

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. fb-exported Merged meta-exported

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@peterenescu @Yuhta