address arithmetic_side_effects lints (#644)

demoray · web-flow · commit 6bffed2a6dd3 · 2025-03-14T10:04:29.000-07:00
diff --git a/src/disk_usage.rs b/src/disk_usage.rs
@@ -45,7 +45,10 @@ pub fn check(
 
 fn check_max_usage(estimated: u64, max_disk_usage: NonZeroU64) -> Result<()> {
     // convert to MB
-    let allowed = max_disk_usage.get() * 1024 * 1024;
+    let allowed = max_disk_usage
+        .get()
+        .saturating_mul(1024)
+        .saturating_mul(1024);
 
     if estimated > allowed {
         return Err(Error::DiskUsageEstimateExceeded { estimated, allowed });
@@ -142,9 +145,9 @@ fn disk_usage(path: &Path) -> Result<DiskUsage> {
         .try_into()
         .map_err(|e| Error::Other("unable to identify block size", format!("{e}")))?;
 
-    let total = statfs.f_blocks * f_bsize;
-    let free = statfs.f_bavail * f_bsize;
-    let used = total - free;
+    let total = statfs.f_blocks.saturating_mul(f_bsize);
+    let free = statfs.f_bavail.saturating_mul(f_bsize);
+    let used = total.saturating_sub(free);
 
     let result = DiskUsage { total, used };
 
diff --git a/src/image.rs b/src/image.rs
@@ -83,7 +83,8 @@ impl Header {
         let end = src
             .read_u64::<LittleEndian>()
             .map_err(|e| Error::ReadHeader(e, "end offset"))?
-            + 1;
+            .checked_add(1)
+            .ok_or(Error::TooLarge)?;
         let padding = src
             .read_u64::<LittleEndian>()
             .map_err(|e| Error::ReadHeader(e, "padding"))?;
@@ -108,7 +109,10 @@ impl Header {
         };
         let mut bytes = [0; 32];
         LittleEndian::write_u32_into(&[magic, self.version], &mut bytes[..8]);
-        LittleEndian::write_u64_into(&[self.range.start, self.range.end - 1, 0], &mut bytes[8..]);
+        LittleEndian::write_u64_into(
+            &[self.range.start, self.range.end.saturating_sub(1), 0],
+            &mut bytes[8..],
+        );
         Ok(bytes)
     }
 
@@ -143,7 +147,7 @@ where
     while size >= PAGE_SIZE {
         src.read_exact(&mut buf).map_err(Error::Read)?;
         dst.write_all(&buf).map_err(Error::Write)?;
-        size -= PAGE_SIZE;
+        size = size.saturating_sub(PAGE_SIZE);
     }
     if size > 0 {
         buf.resize(size, 0);
@@ -159,8 +163,14 @@ where
     R: Read,
     W: Write,
 {
-    let size = usize::try_from(header.range.end - header.range.start)
-        .map_err(|_| Error::SizeConversion)?;
+    let size = usize::try_from(
+        header
+            .range
+            .end
+            .checked_sub(header.range.start)
+            .ok_or(Error::SizeConversion)?,
+    )
+    .map_err(|_| Error::SizeConversion)?;
 
     // read the entire block into memory, but still read page by page
     let mut buf = Cursor::new(vec![0; size]);
@@ -202,7 +212,7 @@ where
     W: Write,
 {
     header.write(dst)?;
-    let size = usize::try_from(header.range.end - header.range.start)
+    let size = usize::try_from(header.range.end.saturating_sub(header.range.start))
         .map_err(|_| Error::SizeConversion)?;
 
     if header.version == 1 {
@@ -232,7 +242,7 @@ where
     R: Read,
     W: Write,
 {
-    if header.range.end - header.range.start > MAX_BLOCK_SIZE {
+    if header.range.end.saturating_sub(header.range.start) > MAX_BLOCK_SIZE {
         copy_large_block(header, src, dst)
     } else {
         copy_if_nonzero(header, src, dst)
@@ -252,10 +262,14 @@ where
     W: Write,
 {
     if header.version == 2 {
-        while header.range.end - header.range.start > MAX_BLOCK_SIZE {
+        while header.range.end.saturating_sub(header.range.start) > MAX_BLOCK_SIZE {
             let range = Range {
                 start: header.range.start,
-                end: header.range.start + MAX_BLOCK_SIZE,
+                end: header
+                    .range
+                    .start
+                    .checked_add(MAX_BLOCK_SIZE)
+                    .ok_or(Error::TooLarge)?,
             };
             copy_block_impl(
                 &Header {
@@ -265,7 +279,11 @@ where
                 src,
                 dst,
             )?;
-            header.range.start += MAX_BLOCK_SIZE;
+            header.range.start = header
+                .range
+                .start
+                .checked_add(MAX_BLOCK_SIZE)
+                .ok_or(Error::TooLarge)?;
         }
     }
     if header.range.end > header.range.start {
diff --git a/src/iomem.rs b/src/iomem.rs
@@ -89,12 +89,13 @@ pub fn split_ranges(ranges: Vec<Range<u64>>, max_size: u64) -> Vec<Range<u64>> {
     let mut result = vec![];
 
     for mut range in ranges {
-        while range.end - range.start > max_size {
+        while range.end.saturating_sub(range.start) > max_size {
+            let end = range.start.saturating_add(max_size);
             result.push(Range {
                 start: range.start,
-                end: range.start + max_size,
+                end,
             });
-            range.start += max_size;
+            range.start = end;
         }
         if !range.is_empty() {
             result.push(range);
diff --git a/src/lib.rs b/src/lib.rs
@@ -91,7 +91,7 @@ pub(crate) fn format_error(e: &impl StdError, f: &mut Formatter) -> FmtResult {
         while let Some(inner) = source {
             writeln!(f, "{i: >5}: {inner}")?;
             source = inner.source();
-            i += 1;
+            i = i.saturating_add(1);
         }
     }
 
diff --git a/src/snapshot.rs b/src/snapshot.rs
@@ -269,11 +269,14 @@ impl<'a, 'b> Snapshot<'a, 'b> {
                     header.range.contains(&range.start),
                     // TODO: ranges is currently inclusive, but not a
                     // RangeInclusive.  this should be adjusted.
-                    header.range.contains(&(range.end - 1)),
+                    header.range.contains(&(range.end.saturating_sub(1))),
                 ) {
                     (true, true) => {
                         let block = Block {
-                            offset: header.offset + range.start - header.range.start,
+                            offset: header
+                                .offset
+                                .saturating_add(range.start)
+                                .saturating_sub(header.range.start),
                             range: range.clone(),
                         };
 
@@ -282,7 +285,10 @@ impl<'a, 'b> Snapshot<'a, 'b> {
                     }
                     (true, false) => {
                         let block = Block {
-                            offset: header.offset + range.start - header.range.start,
+                            offset: header
+                                .offset
+                                .saturating_add(range.start)
+                                .saturating_sub(header.range.start),
                             range: range.start..header.range.end,
                         };
 
@@ -353,13 +359,17 @@ impl<'a, 'b> Snapshot<'a, 'b> {
             .first()
             .ok_or_else(|| Error::UnableToCreateSnapshot("no initial memory range".to_string()))?
             .start;
-        let start = first_vaddr - first_start;
+        let start = first_vaddr.saturating_sub(first_start);
 
         let mut physical_ranges = vec![];
 
         for phdr in segments {
-            let entry_start = phdr.p_vaddr - start;
-            let entry_end = entry_start + phdr.p_memsz;
+            let entry_start = phdr.p_vaddr.checked_sub(start).ok_or_else(|| {
+                Error::UnableToCreateSnapshot("unable to calculate start address".to_string())
+            })?;
+            let entry_end = entry_start.checked_add(phdr.p_memsz).ok_or_else(|| {
+                Error::UnableToCreateSnapshot("unable to calculate end address".to_string())
+            })?;
 
             physical_ranges.push(Block {
                 range: entry_start..entry_end,
diff --git a/src/upload/blobstore.rs b/src/upload/blobstore.rs
@@ -115,7 +115,9 @@ fn calc_concurrency(
                 x if (x < REASONABLE_BLOCK_SIZE * BLOB_MAX_BLOCKS) => REASONABLE_BLOCK_SIZE,
                 // otherwise, just use the smallest block size that will fit
                 // within MAX BLOCKS to reduce memory pressure
-                x => (x / BLOB_MAX_BLOCKS) + 1,
+                x => (x / BLOB_MAX_BLOCKS)
+                    .checked_add(1)
+                    .ok_or(Error::TooLarge)?,
             }
         }
         // minimum required to hit high-throughput block blob performance thresholds
@@ -130,11 +132,11 @@ fn calc_concurrency(
     let upload_concurrency = match upload_concurrency {
         // manually specifying concurrency of 0 will disable concurrency
         0 | 1 => 1,
-        _ => match (MEMORY_THRESHOLD).saturating_div(block_size) {
-            0 => 1,
+        _ => match (MEMORY_THRESHOLD).checked_div(block_size) {
+            None | Some(0) => 1,
             // cap the number of concurrent threads to reduce concurrency issues
             // at the server end.
-            x => cmp::min(MAX_CONCURRENCY, x),
+            Some(x) => cmp::min(MAX_CONCURRENCY, x),
         },
     };
 
diff --git a/src/write_counter.rs b/src/write_counter.rs
@@ -29,7 +29,7 @@ impl<W> Counter<W> {
 impl<W: Write> Write for Counter<W> {
     fn write(&mut self, buf: &[u8]) -> Result<usize> {
         let count = self.inner.write(buf)?;
-        self.count += count;
+        self.count = self.count.saturating_add(count);
         Ok(count)
     }
 

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ pub(crate) fn format_error(e: &impl StdError, f: &mut Formatter) -> FmtResult {`
`91`	`91`	`while let Some(inner) = source {`
`92`	`92`	`writeln!(f, "{i: >5}: {inner}")?;`
`93`	`93`	`source = inner.source();`
`94`		`- i += 1;`
	`94`	`+ i = i.saturating_add(1);`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ impl<W> Counter<W> {`
`29`	`29`	`impl<W: Write> Write for Counter<W> {`
`30`	`30`	`fn write(&mut self, buf: &[u8]) -> Result<usize> {`
`31`	`31`	`let count = self.inner.write(buf)?;`
`32`		`- self.count += count;`
	`32`	`+ self.count = self.count.saturating_add(count);`
`33`	`33`	`Ok(count)`
`34`	`34`	`}`
`35`	`35`