search

jorgecarleitao / parquet2

Fastest and safest Rust implementation of parquet. `unsafe` free. Integration-tested against pyarrow
Other
356 stars 59 forks source link

FixedLenByteArray max_precision integer overflow #184

Closed evanrichter closed 2 years ago

evanrichter commented 2 years ago

fuzzing found a multiplication overflow here:

https://github.com/jorgecarleitao/parquet2/blob/7caafa4ddc7c00dc81038736829e9e973611f956/src/schema/types/spec.rs#L44

so I changed it to a checked_mul and also realized the subtract 1 could underflow also. the fuzzer didn't confirm, but the rust compiler did:


error: this arithmetic operation will overflow
 --> src/main.rs:2:20
  |
2 |     println!("{}", (i32::MIN / 8) * 8 - 1);
  |                    ^^^^^^^^^^^^^^^^^^^^^^ attempt to compute `i32::MIN - 1_i32`, which would overflow
jorgecarleitao commented 2 years ago

Thanks, @evanrichter 🙇