Skip to content

GH-33823: [C++][IPC] Improve error messages when opening files that are the wrong format #49771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
RobertLD wants to merge 6 commits into
base: main
Choose a base branch
from
+68 −1
Open

GH-33823: [C++][IPC] Improve error messages when opening files that are the wrong format #49771

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
abd2b9c
#33823 Improve err msgs when opening files that are the wrong format
RobertLD Apr 16, 2026
db7dd63
33823 Formatting + linting
RobertLD Apr 16, 2026
d025ab0
Update cpp/src/arrow/ipc/reader.cc
RobertLD Apr 24, 2026
1d9b536
Update cpp/src/arrow/ipc/message.cc
RobertLD Apr 24, 2026
407c134
33823 Add tests to verify new err msgs
RobertLD Apr 29, 2026
d01cb5d
33823 PR suggestions
RobertLD May 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions cpp/src/arrow/ipc/message.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -565,6 +565,17 @@ Status DecodeMessage(MessageDecoder* decoder, io::InputStream* file) {
auto metadata_length = decoder->next_required_size();
ARROW_ASSIGN_OR_RAISE(auto metadata, file->Read(metadata_length));
if (metadata->size() != metadata_length) {
// The first sizeof(int32_t) bytes of the Arrow file magic ("ARRO") may have been
// misread as metadata_length. Check if the remaining bytes complete the magic.
Copy link
Copy Markdown
Member

@pitrou pitrou May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How likely is it to have a metadata message exactly 1330795073 bytes long ("ARRO" decoded as a 32-bit little-endian integer)? Perhaps we can check up front instead of trying to read so much data?

cc @lidavidm @paleolimbot for opinions.

Copy link
Copy Markdown
Member

@lidavidm lidavidm May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, a gigabyte of metadata raises flags anyways

Copy link
Copy Markdown
Member

@paleolimbot paleolimbot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In nanoarrow we check the first few bytes for the magic string and skip them (then attempt to read the rest of the input as an IPC stream). We've never run into a complaint about this not working but I'm not sure how widespread the usage is (we could add an option to turn it off or improve the error that occurs if we run into one). I think 1330795073 bytes of metadata would never reasonably occur on purpose.

Copy link
Copy Markdown
Author

@RobertLD RobertLD May 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved the check to happen first, and avoid the large read if possible

const auto remaining_magic = internal::kArrowMagicBytes.substr(sizeof(int32_t));
if (metadata->size() >= static_cast<int64_t>(remaining_magic.size()) &&
std::string_view(reinterpret_cast<const char*>(metadata->data()),
remaining_magic.size()) == remaining_magic) {
Copy link
Copy Markdown
Member

@pitrou pitrou May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would only work on a little-endian machine. We need to be endianness-agnostic (see ConsumeInitialData).

return Status::Invalid("Expected to read ", metadata_length,
" metadata bytes, but only read ", metadata->size(),
". This appears to be an Arrow IPC file. "
"Try the IPC file reader instead of the IPC stream reader.");
}
return Status::Invalid("Expected to read ", metadata_length, " metadata bytes, but ",
"only read ", metadata->size());
}
Expand Down
46 changes: 46 additions & 0 deletions cpp/src/arrow/ipc/read_write_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2265,6 +2265,52 @@ TEST(TestRecordBatchStreamReader, MalformedInput) {
ASSERT_RAISES(Invalid, RecordBatchStreamReader::Open(&garbage_reader));
}

TEST(TestRecordBatchStreamReader, OpenFileFormatSuggestsFileReader) {
std::shared_ptr<RecordBatch> batch;
ASSERT_OK(MakeIntRecordBatch(&batch));

FileWriterHelper helper;
ASSERT_OK(helper.Init(batch->schema(), IpcWriteOptions::Defaults()));
ASSERT_OK(helper.WriteBatch(batch));
ASSERT_OK(helper.Finish());

io::BufferReader reader(helper.buffer_);
// Check we mention using the file_reader when we detect file format
EXPECT_RAISES_WITH_MESSAGE_THAT(Invalid, ::testing::HasSubstr("file reader"),
Copy link
Copy Markdown
Member

@pitrou pitrou May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we be a bit more specific and match a longer substring? For example "Try the IPC file reader".

Copy link
Copy Markdown
Author

@RobertLD RobertLD May 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addressed

RecordBatchStreamReader::Open(&reader));
}

TEST(TestRecordBatchStreamReader, CorruptDataDoesNotSuggestFileReader) {
// Continuation marker + metadata_length = 100, then 8 bytes of non-magic data.
const std::string corrupt(
"\xff\xff\xff\xff"
"\x64\x00\x00\x00"
"ABABABAB",
16);
auto buffer = std::make_shared<Buffer>(corrupt);
io::BufferReader reader(buffer);
// Validate that we don't suggest file reader when file is just corrupt
EXPECT_RAISES_WITH_MESSAGE_THAT(
Invalid, ::testing::Not(::testing::HasSubstr("file reader")),
RecordBatchStreamReader::Open(&reader));
}

TEST(TestRecordBatchFileReader, OpenStreamFormatSuggestsStreamReader) {
std::shared_ptr<RecordBatch> batch;
ASSERT_OK(MakeIntRecordBatch(&batch));

StreamWriterHelper helper;
ASSERT_OK(helper.Init(batch->schema(), IpcWriteOptions::Defaults()));
ASSERT_OK(helper.WriteBatch(batch));
ASSERT_OK(helper.Finish());

auto buf_reader = std::make_shared<io::BufferReader>(helper.buffer_);
// Check we mention using the stream_reader when we detect stream format
EXPECT_RAISES_WITH_MESSAGE_THAT(
Invalid, ::testing::HasSubstr("stream reader"),
Copy link
Copy Markdown
Member

@pitrou pitrou May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here.

Copy link
Copy Markdown
Author

@RobertLD RobertLD May 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

RecordBatchFileReader::Open(buf_reader.get(), helper.buffer_->size()));
}

class EndlessCollectListener : public CollectListener {
public:
EndlessCollectListener() : CollectListener(), decoder_(nullptr) {}
Expand Down
4 changes: 3 additions & 1 deletion cpp/src/arrow/ipc/reader.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1890,7 +1890,9 @@ class RecordBatchFileReaderImpl : public RecordBatchFileReader {
const auto magic_start = buffer->data() + sizeof(int32_t);
if (std::string_view(reinterpret_cast<const char*>(magic_start), kMagicSize) !=
kArrowMagicBytes) {
return Status::Invalid("Not an Arrow file");
return Status::Invalid(
"Not an Arrow file. If this is an Arrow IPC streaming format file, use "
"the IPC stream reader instead.");
Comment thread
RobertLD marked this conversation as resolved.
Outdated
}

int32_t footer_length = bit_util::FromLittleEndian(
Expand Down
Loading