Fix bf.unset(u64::MAX) causing delayed panic on bf.ranges()

Kubuxu · Stebalien · commit 35fc054bcde4 · 2022-03-29T18:51:50.000-04:00
Detected by rle_encode fuzz target.
Caused by overflow when trying to compute input ranges into difference
operation within `ranges()`.

Signed-off-by: Jakub Sztandera &lt;kubuxu@protocol.ai&gt;
diff --git a/ipld/bitfield/src/lib.rs b/ipld/bitfield/src/lib.rs
@@ -170,6 +170,9 @@ impl BitField {
 
     /// Removes the bit at a given index from the bit field.
     pub fn unset(&mut self, bit: u64) {
+        if bit == u64::MAX {
+            return;
+        }
         self.set.remove(&bit);
         self.unset.insert(bit);
     }
diff --git a/ipld/bitfield/src/rleplus/mod.rs b/ipld/bitfield/src/rleplus/mod.rs
@@ -509,6 +509,20 @@ mod tests {
         assert_eq!(2, last);
     }
 
+    #[test]
+    fn test_unset_max() {
+        // Create any bitfield
+        let ranges: Vec<u64> = vec![0, 1, 2, 3];
+        let iter = ranges_from_bits(ranges);
+        let mut bf = BitField::from_ranges(iter);
+
+        // Unset u64::MAX
+        bf.unset(u64::MAX);
+
+        let last = bf.ranges().last().unwrap();
+        assert_eq!(0..4, last);
+    }
+
     #[test]
     fn test_zero_last() {
         let mut bf = BitField::new();

Original file line number	Diff line number	Diff line change
`@@ -170,6 +170,9 @@ impl BitField {`
`170`	`170`
`171`	`171`	`/// Removes the bit at a given index from the bit field.`
`172`	`172`	`pub fn unset(&mut self, bit: u64) {`
	`173`	`+ if bit == u64::MAX {`
	`174`	`+ return;`
	`175`	`+ }`
`173`	`176`	`self.set.remove(&bit);`
`174`	`177`	`self.unset.insert(bit);`
`175`	`178`	`}`