Fix integer overflow in BitBufferMut::truncate and append_n#8474
Conversation
|
sign off the commit to pass DCO: |
|
stylistically - I think we use error messagess that read more like "Operation X on Y overflowed" |
Merging this PR will improve performance by 13.04%
Performance Changes
Tip Curious why this is faster? Comment Comparing Footnotes
|
e1b0d3e to
141d008
Compare
Signed-off-by: Sungjin Kim <carp1230@gmail.com>
141d008 to
078b397
Compare
|
This PR has been marked as stale because it has been open for 14 days with no activity. Please comment or remove the stale label if you wish to keep it active, otherwise it will be closed in 7 days |
|
This PR was closed because it has been inactive for 7 days since being marked as stale. |
|
@AdamGS anything missing here? |
AdamGS
left a comment
There was a problem hiding this comment.
No, just lost track of it
|
@ksj1230 thank you for you contribution! I apologize for taking so long. |
|
Thanks for merging! Happy to help. |
Summary
Several methods on
BitBufferMutuse unchecked arithmetic on offset/length values, which can overflow in release mode and lead to undefined behavior reachable entirely from safe code (#![forbid(unsafe_code)]).Affected methods:
truncate:self.offset + lenoverflows, causing the buffer to be truncated to an incorrect size.append_n:self.offset + self.len + noverflows, causing incorrect capacity calculation.Fix: add overflow assertions before the unchecked addition.
Reproduction (all use
#![forbid(unsafe_code)]):Related: #7979 (the
BufferMut::zeroed_alignedoverflow I reported to maintainers in April 2025; this PR addresses additional overflow sites found during the same audit)Testing
Existing
cargo test -p vortex-bufferpasses (789 tests + 6 doc-tests).Both PoCs now panic with overflow message instead of UB.
Happy to adjust the approach if maintainers prefer a different fix strategy.