veluca93 commented on code in PR #6021:
URL: https://github.com/apache/arrow-rs/pull/6021#discussion_r1669394875
##########
parquet/src/util/bit_util.rs:
##########
@@ -435,6 +435,10 @@ impl BitReader {
/// This function panics if
/// - `num_bits` is larger than the bit-capacity of `T`
///
+ // FIXME: soundness issue - this method can be used to write arbitrary
bytes to any
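Review bot: the added FIXME is a plain `//` comment placed directly after the `///` panic documentation, so the soundness caveat never reaches rustdoc and a caller reading the docs sees only the `num_bits` panic condition. If the issue is not fixed in this PR, state the caveat in the doc comment itself and reference a tracking issue so the FIXME stays actionable.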
Review Comment:
Safe code could implement, for example, `FromBytes` on `Box<T>`. Then
constructing a `BitReader` from a buffer of 0 bytes, and calling `get_batch` on a
slice of `Box<T>` would end up creating a `Box<T>` containing a null pointer, which
is UB.
The issue here is that this code assumes (AFAIU) that all bit patterns are
valid for `T: FromBytes`, and this is true for the implementations of `FromBytes`
here - but safe code could easily make it not true anymore. Thus, probably the
best solution is to make `FromBytes` an `unsafe` trait.
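
The fix proposed in the comment above, sketched as an added example (not code from the PR or from arrow-rs): `FromBytes` here is a simplified marker trait and `fill_from_bytes` is a hypothetical stand-in for a batch decoder that writes raw bytes into a `&mut [T]`.

```rust
/// Simplified stand-in for the trait discussed above (not the arrow-rs definition).
///
/// # Safety
/// Implementors promise that every bit pattern of `size_of::<Self>()` bytes,
/// all zeros included, is a valid `Self`.
pub unsafe trait FromBytes: Sized {}

// Plain integers meet the contract: any byte sequence is a valid value.
unsafe impl FromBytes for u8 {}
unsafe impl FromBytes for u32 {}
unsafe impl FromBytes for u64 {}

// `Box<T>` must never be null, so it does not meet the contract. With a safe
// trait, `impl<T> FromBytes for Box<T> {}` compiles with no `unsafe` anywhere
// in the implementor's crate; with an `unsafe trait` the implementor has to
// write `unsafe impl` and takes on the proof obligation explicitly.

/// Hypothetical batch decoder: fills `out` with values taken verbatim from
/// `src` (native endianness) and returns how many elements were written.
/// Old values in `out` are overwritten without being dropped.
pub fn fill_from_bytes<T: FromBytes>(out: &mut [T], src: &[u8]) -> usize {
    let width = std::mem::size_of::<T>();
    if width == 0 {
        return 0;
    }
    // Only whole elements are decoded; a trailing partial element is ignored.
    let n = out.len().min(src.len() / width);
    // SAFETY: `out[..n]` is valid for `n * width` bytes of writes and `src`
    // holds at least that many bytes; the `&mut` borrow rules out overlap;
    // byte pointers have alignment 1; and the `FromBytes` contract guarantees
    // that whatever bit pattern lands in each element is a valid `T`.
    unsafe {
        std::ptr::copy_nonoverlapping(src.as_ptr(), out.as_mut_ptr().cast::<u8>(), n * width);
    }
    n
}

fn main() {
    // Constructed sample input: two u32 values plus one stray byte.
    let mut src = Vec::new();
    src.extend_from_slice(&5u32.to_ne_bytes());
    src.extend_from_slice(&0xdead_beefu32.to_ne_bytes());
    src.push(0xff);
    let mut out = [0u32; 3];
    let n = fill_from_bytes(&mut out, &src);
    println!("decoded {n} values: {:x?}", &out[..n]);
}
```

The single `unsafe` block is only sound because of the trait's safety contract; remove the `unsafe` from the trait and the same function can be driven into UB from entirely safe code.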