Skip to content

fix: Used checked_add for bounds checks to avoid UB#9568

Open
etseidl wants to merge 2 commits intoapache:mainfrom
etseidl:bit_mask_bounds
Open

fix: Used checked_add for bounds checks to avoid UB#9568
etseidl wants to merge 2 commits intoapache:mainfrom
etseidl:bit_mask_bounds

Conversation

@etseidl
Copy link
Contributor

@etseidl etseidl commented Mar 17, 2026

Which issue does this PR close?

Rationale for this change

See issue, but it is possible to construct arguments to arrow_buffer::bit_util::bit_mask::set_bits that overflow the bounds checking protecting unsafe code.

What changes are included in this PR?

Use checked_add when doing the bounds checking and panic when an overflow occurs.

Are these changes tested?

Yes

Are there any user-facing changes?

No

@github-actions github-actions bot added the arrow Changes to the arrow crate label Mar 17, 2026
@jhorstmann
Copy link
Contributor

jhorstmann commented Mar 18, 2026

Looks good. On 64-bit systems the len * 8 should also never overflow in practice. I'm not sure how well we support 32-bit systems, if we do we might need to take a look at more places where a length in bits is calculated.

@etseidl
Copy link
Contributor Author

etseidl commented Mar 18, 2026

Looks good. On 64-bit systems the len * 8 should also never overflow in practice. I'm not sure how well we support 32-bit systems, if we do we might need to take a look at more places where a length in bits is calculated.

Agreed. I think the most likely scenario would be bad input resulting in ridiculous offsets. This will guard against that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dandandan Dandandan Dandandan approved these changes

Assignees

No one assigned

Labels

arrow Changes to the arrow crate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Soundness Bugs in this crate

3 participants

@etseidl @jhorstmann @Dandandan