fix: prevent potential out-of-range access in FixedSizeListArray (#5902)

* fix: prevent potential out-of-range access in FixedSizeListArray

Signed-off-by: BubbleCal <[email protected]>

* add benchmark & format

Signed-off-by: BubbleCal <[email protected]>

* format Cargo.toml

Signed-off-by: BubbleCal <[email protected]>

---------

Signed-off-by: BubbleCal <[email protected]>

Author: BubbleCal

arrow-array/Cargo.toml

@@ -66,3 +66,7 @@ harness = false
 [[bench]]
 name = "gc_view_types"
 harness = false
+
+[[bench]]
+name = "fixed_size_list_array"
+harness = false

arrow-array/benches/fixed_size_list_array.rs

@@ -0,0 +1,51 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use arrow_array::{Array, FixedSizeListArray, Int32Array};
+use arrow_schema::Field;
+use criterion::*;
+use rand::{thread_rng, Rng};
+use std::sync::Arc;
+
+fn gen_fsl(len: usize, value_len: usize) -> FixedSizeListArray {
+    let mut rng = thread_rng();
+    let values = Arc::new(Int32Array::from(
+        (0..len).map(|_| rng.gen::<i32>()).collect::<Vec<_>>(),
+    ));
+    let field = Arc::new(Field::new("item", values.data_type().clone(), true));
+    FixedSizeListArray::new(field, value_len as i32, values, None)
+}
+
+fn criterion_benchmark(c: &mut Criterion) {
+    let len = 4096;
+    for value_len in [1, 32, 1024] {
+        let fsl = gen_fsl(len, value_len);
+        c.bench_function(
+            &format!("fixed_size_list_array(len: {len}, value_len: {value_len})"),
+            |b| {
+                b.iter(|| {
+                    for i in 0..len / value_len {
+                        black_box(fsl.value(i));
+                    }
+                });
+            },
+        );
+    }
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);

arrow-array/src/array/fixed_size_list_array.rs

@@ -245,15 +245,15 @@ impl FixedSizeListArray {
     /// Returns ith value of this list array.
     pub fn value(&self, i: usize) -> ArrayRef {
         self.values
-            .slice(self.value_offset(i) as usize, self.value_length() as usize)
+            .slice(self.value_offset_at(i), self.value_length() as usize)
     }
 
     /// Returns the offset for value at index `i`.
     ///
     /// Note this doesn't do any bound checking, for performance reason.
     #[inline]
     pub fn value_offset(&self, i: usize) -> i32 {
-        self.value_offset_at(i)
+        self.value_offset_at(i) as i32
     }
 
     /// Returns the length for an element.
@@ -265,8 +265,8 @@ impl FixedSizeListArray {
     }
 
     #[inline]
-    const fn value_offset_at(&self, i: usize) -> i32 {
-        i as i32 * self.value_length
+    const fn value_offset_at(&self, i: usize) -> usize {
+        i * self.value_length as usize
     }
 
     /// Returns a zero-copy slice of this array with the indicated offset and length.