Fix UB in mergeTreeAnalyzeIndexes() in case of invalid optimizations argument

[azat]

Changelog category (leave one):

• Bug Fix (user-visible misbehavior in an official stable release)

Changelog entry (a user-readable short description of the changes that goes into CHANGELOG.md):

Fix UB in mergeTreeAnalyzeIndexes() in case of invalid optimizations argument

CI: https://s3.amazonaws.com/clickhouse-test-reports/json.html?PR=100901&sha=ea7a8e3f184a84849d198bb1a3666bf257a81f82&name_0=PR&name_1=Stress%20test%20%28arm_ubsan%29

[clickhouse-gh]

Workflow [PR], commit [5189a33]

Summary: ❌

job_name	test_name	status	info	comment
Integration tests (amd_llvm_coverage, 2/5)		failure
	test_overcommit_tracker/test.py::test_user_overcommit	FAIL	cidb
Stress test (amd_asan_ubsan)		failure
	Logical error: 'Unexpected return type from round. Expected UInt16. Got Const(UInt8)' (STID: 3262-40c8)	FAIL	cidb
Stress test (arm_release)		failure
	Logical error: Too large size (A) passed to allocator. It indicates an error. (STID: 1367-3193)	FAIL	cidb
Stress test (arm_msan)		failure
	Logical error: Shard number is greater than shard count: shard_num=A shard_count=B cluster=C (STID: 5066-564d)	FAIL	cidb

---

AI Review

Summary

This PR hardens mergeTreeAnalyzeIndexes argument parsing for optional optimization arguments, eliminating the undefined-behavior path on invalid args_array input and adding a regression test for the failure mode. The change is focused, behaviorally consistent with existing argument validation, and I did not find correctness, safety, or compatibility issues in the touched code.

ClickHouse Rules

Item	Status	Notes
Deletion logging	➖
Serialization versioning	➖
Core-area scrutiny	✅
No test removal	✅
Experimental gate	➖
No magic constants	✅
Backward compatibility	✅
SettingsChangesHistory.cpp	➖
PR metadata quality	✅
Safe rollout	✅
Compilation time	✅

Final Verdict

• Status: ✅ Approve

[clickhouse-gh]

LLVM Coverage Report

Metric	Baseline	Current	Δ
Lines	84.20%	84.20%	+0.00%
Functions	90.90%	90.90%	+0.00%
Branches	76.70%	76.70%	+0.00%

Changed lines: 92.00% (46/50) · Uncovered code

Full report · Diff report

[azat]

Integration tests (amd_llvm_coverage, 2/5)

• tests: attempt to fix test_overcommit_tracker flakiness under amd_llvm_coverage #101270

Stress test (amd_asan_ubsan)

• Unexpected return type from {} from tryAddJoinRuntimeFilter #101306

Stress test (arm_msan)

• LOGICAL_ERROR Shard number is greater than shard count with parallel replicas #81738

Stress test (arm_release)

• Too large size ({}) passed to allocator. It indicates an error. in MergingSortedAlgorithm #101308

[clickgapai]

Hi — this PR may need backporting to release branches 26.3, 26.2, 26.1, but no backport label was found.

Why: This fixes UB (out-of-bounds array access) in mergeTreeAnalyzeIndexes that could cause crashes on invalid input. The table function has existed since before 25.8. The fix is small and safe to backport.

If this should be backported, consider adding pr-must-backport or a version-specific label (e.g. v26.3-must-backport). Ignore this if backporting is not applicable.