Fuzzing Crash: VortexError in array_ops

## Fuzzing Crash Report

### Analysis

**Crash Location**: `vortex-array/src/expr/exprs/cast/mod.rs:130:execute`

**Error Message**:
```
scalar_at:
  No CastReduce to cast constant array from decimal(1,-33)? to utf8?
```

<details>
<summary>Stack Trace</summary>

```
stack backtrace:
   0: __rustc::rust_begin_unwind
             at /rustc/db3e99bbab28c6ca778b13222becdea54533d908/library/std/src/panicking.rs:689:5
   1: core::panicking::panic_fmt
             at /rustc/db3e99bbab28c6ca778b13222becdea54533d908/library/core/src/panicking.rs:80:14
   2: panic_display<vortex_error::VortexError>
             at /rustc/db3e99bbab28c6ca778b13222becdea54533d908/library/core/src/panicking.rs:259:5
   3: {closure#1}<vortex_scalar::scalar::Scalar, vortex_error::VortexError>
             at ./vortex-error/src/lib.rs:457:9
   4: unwrap_or_else<vortex_scalar::scalar::Scalar, vortex_error::VortexError, vortex_error::{impl#11}::vortex_expect::{closure_env#1}<vortex_scalar::scalar::Scalar, vortex_error::VortexError>>
             at /rustc/db3e99bbab28c6ca778b13222becdea54533d908/library/core/src/result.rs:1622:23
   5: vortex_expect<vortex_scalar::scalar::Scalar, vortex_error::VortexError>
             at ./vortex-error/src/lib.rs:310:14
   6: assert_array_eq
             at ./fuzz/src/array/mod.rs:725:36
   7: run_fuzz_action
             at ./fuzz/src/array/mod.rs:649:17
   8: __libfuzzer_sys_run
             at ./fuzz/fuzz_targets/array_ops.rs:14:11
   9: rust_fuzzer_test_input
             at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/src/lib.rs:363:60
  10: {closure#0}
             at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/src/lib.rs:62:9
  11: do_call<libfuzzer_sys::test_input_wrap::{closure_env#0}, i32>
             at /rustc/db3e99bbab28c6ca778b13222becdea54533d908/library/std/src/panicking.rs:581:40
  12: __rust_try
  13: catch_unwind<i32, libfuzzer_sys::test_input_wrap::{closure_env#0}>
             at /rustc/db3e99bbab28c6ca778b13222becdea54533d908/library/std/src/panicking.rs:544:19
  14: catch_unwind<libfuzzer_sys::test_input_wrap::{closure_env#0}, i32>
             at /rustc/db3e99bbab28c6ca778b13222becdea54533d908/library/std/src/panic.rs:359:14
  15: test_input_wrap
             at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/src/lib.rs:60:22
  16: _ZN6fuzzer6Fuzzer15ExecuteCallbackEPKhm
             at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/libfuzzer/FuzzerLoop.cpp:619:13
  17: _ZN6fuzzer6Fuzzer6RunOneEPKhmbPNS_9InputInfoEbPb
             at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/libfuzzer/FuzzerLoop.cpp:516:7
  18: _ZN6fuzzer6Fuzzer25ReadAndExecuteSeedCorporaERSt6vectorINS_9SizedFileESaIS2_EE
             at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/libfuzzer/FuzzerLoop.cpp:834:7
  19: _ZN6fuzzer6Fuzzer4LoopERSt6vectorINS_9SizedFileESaIS2_EE
             at /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/libfuzzer/FuzzerLoop.cpp:872:3
   ... (7 more frames truncated)
```
</details>


### Root Cause Analysis

The crash is a VortexError panic at vortex-array/src/expr/exprs/cast/mod.rs:130, where a CastReduce implementation is missing for casting from decimal(1,-33)? to utf8?. The root cause is that the fuzzer generates a DecimalDType with a negative scale (-33), which is an unusual or unsupported parameter combination, and no cast kernel is registered to handle the decimal-to-utf8 conversion for such types. The fix should either register a CastReduce implementation that handles decimal-to-string casting (including edge cases like negative scale), or validate decimal DType parameters earlier to reject invalid scale values before they reach the cast expression.


### Summary

- **Target**: `array_ops`
- **Crash File**: `crash-8b5e2d1b0fb7c2d7040a758c160156b05db473bf`
- **Branch**: develop
- **Commit**: 0d0a97c9db827a7d6b69e8cece0b2b61189b580d
- **Crash Artifact**: https://github.com/vortex-data/vortex/actions/runs/21999114019/artifacts/5504459066

### Reproduction

1. Download the crash artifact:
   - **Direct download**: https://github.com/vortex-data/vortex/actions/runs/21999114019/artifacts/5504459066
   - Extract the zip file

2. Reproduce locally:
```bash
cargo +nightly fuzz run -D --sanitizer=none array_ops array_ops/crash-8b5e2d1b0fb7c2d7040a758c160156b05db473bf -- -rss_limit_mb=0
```

3. Get full backtrace:
```bash
RUST_BACKTRACE=full cargo +nightly fuzz run -D --sanitizer=none array_ops array_ops/crash-8b5e2d1b0fb7c2d7040a758c160156b05db473bf -- -rss_limit_mb=0
```



---
*Auto-created by fuzzing workflow*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fuzzing Crash: VortexError in array_ops #6509

Fuzzing Crash Report

Analysis

Root Cause Analysis

Summary

Reproduction

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Fuzzing Crash: VortexError in array_ops #6509

Description

Fuzzing Crash Report

Analysis

Root Cause Analysis

Summary

Reproduction

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions