Describe the bug
lead panics during execution when given i64::MAX as the offset. The
LEAD branch computes (range.start as i64 - self.shift_offset) as usize,
which subtracts past i64::MIN when shift_offset = i64::MAX.
This is the symmetric case of #22221 (which reports i64::MIN panicking
during planning via negation). The i64::MAX value reaches the execution
path instead, panics with a different message at a different line, so
filing separately — same area, probably the same fix.
To Reproduce
SELECT lead(x, 9223372036854775807) OVER (ORDER BY x ROWS BETWEEN CURRENT ROW AND UNBOUNDED FOLLOWING)
FROM (VALUES (1),(2),(3)) AS t(x);
Actual behavior
thread 'main' panicked at datafusion/functions-window/src/lead_lag.rs:556:13:
attempt to subtract with overflow
Expected behavior
Return an execution error for an invalid offset, not a panic.
Notes
Source: https://github.com/apache/datafusion/blob/53.1.0/datafusion/functions-window/src/lead_lag.rs#L556
Found via LLM-guided fuzz testing on DataFusion 53.1.0.
Describe the bug
leadpanics during execution when giveni64::MAXas the offset. TheLEAD branch computes
(range.start as i64 - self.shift_offset) as usize,which subtracts past
i64::MINwhenshift_offset = i64::MAX.This is the symmetric case of #22221 (which reports
i64::MINpanickingduring planning via negation). The
i64::MAXvalue reaches the executionpath instead, panics with a different message at a different line, so
filing separately — same area, probably the same fix.
To Reproduce
Actual behavior
Expected behavior
Return an execution error for an invalid offset, not a panic.
Notes
Source: https://github.com/apache/datafusion/blob/53.1.0/datafusion/functions-window/src/lead_lag.rs#L556
Found via LLM-guided fuzz testing on DataFusion 53.1.0.