11// !!! DO NOT EDIT - THIS IS AN AUTO-GENERATED FILE !!!
2- // Created by amalgamation.sh on 2024-09-19T15:00:26Z
2+ // Created by amalgamation.sh on 2024-09-19T23:52:46Z
33
44/*
55 * The CRoaring project is under a dual license (Apache/MIT).
@@ -24641,7 +24641,8 @@ roaring64_bitmap_t *roaring64_bitmap_portable_deserialize_safe(
2464124641 memcpy(&high32, buf, sizeof(high32));
2464224642 buf += sizeof(high32);
2464324643 read_bytes += sizeof(high32);
24644- if (high32 < previous_high32) {
24644+ // High 32 bits must be strictly increasing.
24645+ if (high32 <= previous_high32) {
2464524646 roaring64_bitmap_free(r);
2464624647 return NULL;
2464724648 }
@@ -24663,6 +24664,24 @@ roaring64_bitmap_t *roaring64_bitmap_portable_deserialize_safe(
2466324664 buf += bitmap32_size;
2466424665 read_bytes += bitmap32_size;
2466524666
24667+ // While we don't attempt to validate much, we must ensure that there
24668+ // is no duplication in the high 48 bits - inserting into the ART
24669+ // assumes (or UB) no duplicate keys. The top 32 bits must be unique
24670+ // because we check for strict increasing values of high32, but we
24671+ // must also ensure the top 16 bits within each 32-bit bitmap are also
24672+ // at least unique (we ensure they're strictly increasing as well,
24673+ // which they must be for a _valid_ bitmap, since it's cheaper to check)
24674+ int32_t last_bitmap_key = -1;
24675+ for (int i = 0; i < bitmap32->high_low_container.size; i++) {
24676+ uint16_t key = bitmap32->high_low_container.keys[i];
24677+ if (key <= last_bitmap_key) {
24678+ roaring_bitmap_free(bitmap32);
24679+ roaring64_bitmap_free(r);
24680+ return NULL;
24681+ }
24682+ last_bitmap_key = key;
24683+ }
24684+
2466624685 // Insert all containers of the 32-bit bitmap into the 64-bit bitmap.
2466724686 move_from_roaring32_offset(r, bitmap32, high32);
2466824687 roaring_bitmap_free(bitmap32);
0 commit comments