GH-49104: [C++] Fix Segfault in SparseCSFIndex::Equals with mismatched dimensions

[AliRana30]

Rationale for This Change

The SparseCSFIndex::Equals method can crash when comparing two sparse indices that have a different number of dimensions. The method iterates over the indices() and indptr() vectors of the current object and accesses the corresponding elements in the other object without first verifying that both objects have matching vector sizes. This can lead to out-of-bounds access and a segmentation fault when the dimension counts differ.

What Changes Are Included in This PR?

This change adds explicit size equality checks for the indices() and indptr() vectors at the beginning of the SparseCSFIndex::Equals method. If the dimensions do not match, the method now safely returns false instead of attempting invalid memory access.

Are These Changes Tested?

Yes. The fix has been validated through targeted reproduction of the crash scenario using mismatched dimension counts, ensuring the method behaves safely and deterministically.

Are There Any User-Facing Changes?

No. This change improves internal safety and robustness without altering public APIs or observable user behavior.

• GitHub Issue: [C++] Segfault in SparseCSFIndex::Equals with mismatched dimensions #49104

[github-actions]

Thanks for opening a pull request!

If this is not a minor PR. Could you open an issue for this pull request on GitHub? https://github.com/apache/arrow/issues/new/choose

Opening GitHub issues ahead of time contributes to the Openness of the Apache Arrow project.

Then could you also rename the pull request title in the following format?

GH-${GITHUB_ISSUE_ID}: [${COMPONENT}] ${SUMMARY}

or

MINOR: [${COMPONENT}] ${SUMMARY}

See also:

• Other pull requests
• Contribution Guidelines - Contributing Overview

[github-actions]

⚠️ GitHub issue #49104 has been automatically assigned in GitHub to PR creator.

[kou]

Could you add a test for this case?

[AliRana30]

@kou On your request, I have added a new test case, TestEqualityMismatchedDimensions, in
cpp/src/arrow/sparse_tensor_test.cc.

Test details:
This test compares SparseCSFIndex objects with mismatched dimensions (for example, 1D vs 2D) to verify that Equals now safely returns false instead of causing a segfault.

Fix summary:
The fix adds explicit checks for the sizes of indices, indptr, and axis_order before attempting to iterate over them, ensuring safe comparison when dimensions do not match.

[kou]

Could you fix the lint failure?

[AliRana30]

I have fixed the lint failures by reformatting SparseCSFIndex::Equals() to comply with the 90-character line limit and Arrow's style guide. All functionality remains unchanged.

You can have a check on it ):

[AliRana30]

Note: Some packaging/JNI tests are failing due to Docker image naming with my fork. The core C++ tests should be passing.
Some builds are failing due to Google Benchmark deprecation warnings in benchmark_util.h (not modified by this PR). The core issue fix and tests are complete.
I think it's not an issue>

[AliRana30]

@kou can you have a look at this ??

[raulcd]

Why is this being changed?

[rok]

Pease revert this to make the PR more readable.

[raulcd]

Could you explain why is this required?

[AliRana30]

@raulcd This change fixes a segmentation fault that occurs when comparing SparseCSFIndex objects with mismatched dimensions.

Bug description:
The original implementation calls indices()[i]->Equals(...) without first verifying that both objects have the same number of dimensions. When comparing,
for example, a 2D index with a 3D index:

• indices().size() returns different values (e.g., 2 vs 3)
• The loop iterates using the size of the first object
• Accessing other.indices()[i] with mismatched sizes results in out-of-bounds access, leading to a segmentation fault

Fix:
Lines 408–416 add early size checks before any iteration:

if (indices().size() != other.indices().size()) return false;
if (indptr().size() != other.indptr().size()) return false;
if (axis_order().size() != other.axis_order().size()) return false;

These checks ensure that Equals safely returns false when dimensions do not match, preventing access to invalid memory.

Test coverage:
Added TestEqualityMismatchedDimensions (lines 1644–1661), which reproduces the original issue. Without this fix, the test would crash due to the segmentation fault.

[raulcd]

Hii @Alirana2829 thanks for the comment.
I wasn't asking about a summary of the overall change, I do understand what we are trying to solve with the PR. I am talking about those specific line changes I am pointing out on the review comments. Those two specific changes do not seem required.

[AliRana30]

@raulcd You're absolutely right - the axis_order size check was redundant. Since the final return axis_order() == other.axis_order() already uses vector equality (which checks size internally), that check was unnecessary.

I've removed it. The PR now only contains the essential size checks for indices() and indptr() that prevent the segfault from out-of-bounds access.

[AliRana30]

@rok I've reverted the formatting changes. The loop bodies are back to single-line format.

[rok]

This looks ok, I would just add the one test.

[rok]

Suggested change

	ASSERT_FALSE(si_3D->Equals(*si_2D));
	}
	ASSERT_FALSE(si_3D->Equals(*si_2D));
	ASSERT_TRUE(si_2D->Equals(*si_2D));
	}

[rok]

How about just replacing this function?

Suggested change

	bool SparseCSFIndex::Equals(const SparseCSFIndex& other) const {
	auto eq = [](const auto& a, const auto& b) { return a->Equals(*b); };
	return axis_order() == other.axis_order()
	&& std::ranges::equal(indices(), other.indices(), eq)
	&& std::ranges::equal(indptr(), other.indptr(), eq);
	}