(arrow-rs) branch 57_maintenance updated: [57_maintenance] Prevent BitChunks length overflow (#9818) (#9918)

Wed, 06 May 2026 06:03:11 -0700 

This is an automated email from the ASF dual-hosted git repository.

alamb pushed a commit to branch 57_maintenance
in repository https://gitbox.apache.org/repos/asf/arrow-rs.git


The following commit(s) were added to refs/heads/57_maintenance by this push:
     new abd6d4dbc9 [57_maintenance] Prevent BitChunks length overflow (#9818) 
(#9918)
abd6d4dbc9 is described below

commit abd6d4dbc91af3079b6a00bb7f3fba14bfe4b082
Author: Andrew Lamb <[email protected]>
AuthorDate: Wed May 6 09:02:34 2026 -0400

    [57_maintenance] Prevent BitChunks length overflow (#9818) (#9918)
    
    - Part of https://github.com/apache/arrow-rs/issues/9858
    - Fixes https://github.com/apache/arrow-rs/issues/9903 in 57.x releases
    
    This PR:
    - Backports https://github.com/apache/arrow-rs/pull/9818 from @alamb to
    the `57_maintenance` line
---
 arrow-buffer/src/util/bit_chunk_iterator.rs | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/arrow-buffer/src/util/bit_chunk_iterator.rs 
b/arrow-buffer/src/util/bit_chunk_iterator.rs
index 8c7ec5e9a8..6655c397eb 100644
--- a/arrow-buffer/src/util/bit_chunk_iterator.rs
+++ b/arrow-buffer/src/util/bit_chunk_iterator.rs
@@ -220,10 +220,8 @@ pub struct BitChunks<'a> {
 impl<'a> BitChunks<'a> {
     /// Create a new [`BitChunks`] from a byte array, and an offset and length 
in bits
     pub fn new(buffer: &'a [u8], offset: usize, len: usize) -> Self {
-        assert!(
-            ceil(offset + len, 8) <= buffer.len(),
-            "offset + len out of bounds"
-        );
+        let end = offset.checked_add(len).expect("offset + len out of bounds");
+        assert!(ceil(end, 8) <= buffer.len(), "offset + len out of bounds");
 
         let byte_offset = offset / 8;
         let bit_offset = offset % 8;
@@ -550,6 +548,13 @@ mod tests {
         buffer.bit_chunks(1, ALLOC_SIZE * 8);
     }
 
+    #[test]
+    #[should_panic(expected = "offset + len out of bounds")]
+    fn test_out_of_bound_should_panic_when_offset_and_length_overflow() {
+        let buffer = Buffer::from(vec![0xFF_u8; 8]);
+        buffer.bit_chunks(1, usize::MAX);
+    }
+
     #[test]
     #[allow(clippy::assertions_on_constants)]
     fn test_unaligned_bit_chunk_iterator() {

Reply via email to