alamb commented on code in PR #9887:
URL: https://github.com/apache/arrow-rs/pull/9887#discussion_r3189310679
##########
arrow-avro/src/reader/vlq.rs:
##########
@@ -32,8 +32,17 @@ impl VLQDecoder {
pub fn long(&mut self, buf: &mut &[u8]) -> Option<i64> {
while let Some(byte) = buf.first().copied() {
*buf = &buf[1..];
- self.in_progress |= ((byte & 0x7F) as u64) << self.shift;
- self.shift += 7;
+ // A valid varint that fits in `u64` is at most 10 bytes, so
+ // the shift is at most 63. Use `checked_shl` to silently drop
+ // contributions past bit 63 instead of panicking with
+ // "attempt to shift left with overflow", and saturate the
+ // shift counter so a stream of continuation bytes can't wrap
Review Comment:
I wonder if it would be better to return an error here on invalid input
rather than silently ignoring it 🤔
@mzabaluev or @jecsand838 I wonder if you have an opinion
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
