tustvold commented on code in PR #6024:
URL: https://github.com/apache/arrow-rs/pull/6024#discussion_r1669971282
##########
parquet/src/util/bit_util.rs:
##########
@@ -435,6 +435,10 @@ impl BitReader {
/// This function panics if
/// - `num_bits` is larger than the bit-capacity of `T`
///
+ // FIXME: soundness issue - this method can be used to write arbitrary
bytes to any
Review Comment:
A simple fix to this would be to add a `BIT_CAPACITY` field to `FromBytes`
and set this to
* `1` for `bool`
* `std::mem::size_of::<Self>() * 8` for integers
* `0` for everything else
And then update the assertions in `get_batch` to be
```
assert!(num_bits <= T::BIT_CAPACITY);
assert_ne!(T::BIT_CAPACITY, 0);
```
`FromBytes` is a crate-private trait and so this should be sufficient,
although we could conceivably Seal it as add protection
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
