Deny invalid bits which are out of range

Author: robamu

bitbybit/src/bitfield/parsing.rs

@@ -378,11 +378,11 @@ fn parse_field(base_data_size: usize, field: &Field) -> Result<FieldDefinition>
             (indexed_count - 1) * indexed_stride.unwrap() + highest_bit_index_in_ranges;
         if number_of_bits_indexed > base_data_size {
             return Err(Error::new_spanned(
-                field.attrs.first(),
-                format!(
-                    "bitfield!: Array-field {} requires {number_of_bits_indexed} bits for the array, but only has ({})", field_name, base_data_size
-                )
-            ));
+                    field.attrs.first(),
+                    format!(
+                        "bitfield!: Array-field {} requires {number_of_bits_indexed} bits for the array, but only has ({})", field_name, base_data_size
+                    )
+                ));
         }
 
         if indexed_count < 2 {
@@ -396,6 +396,8 @@ fn parse_field(base_data_size: usize, field: &Field) -> Result<FieldDefinition>
         }
     }
 
+    verify_bits_in_range(field, field_name, &ranges, base_data_size)?;
+
     let (custom_type, getter_type, setter_type) = if field_type_size_from_data_type.is_none() {
         parse_enumeration(ty, &primitive_type)?
     } else {
@@ -430,11 +432,30 @@ fn parse_field(base_data_size: usize, field: &Field) -> Result<FieldDefinition>
         doc_comment,
         array: indexed_count.map(|count| (count, indexed_stride.unwrap())),
         field_type_size_from_data_type: field_type_size_from_data_type.map(|v| v.0),
-        is_signed: field_type_size_from_data_type.map_or(false, |v| v.1),
+        is_signed: field_type_size_from_data_type.is_some_and(|v| v.1),
         unsigned_field_type,
     })
 }
 
+fn verify_bits_in_range(
+    field: &Field,
+    field_name: &Ident,
+    ranges: &[Range<usize>],
+    base_data_size: usize,
+) -> syn::Result<()> {
+    let highest_bit_index_in_ranges = ranges.iter().map(|range| range.end).max().unwrap_or(0);
+    if highest_bit_index_in_ranges > base_data_size {
+        return Err(Error::new_spanned(
+            field.attrs.first(),
+            format!(
+                "bitfield!: Field {} requires {} bits, but only has ({})",
+                field_name, highest_bit_index_in_ranges, base_data_size
+            ),
+        ));
+    }
+    Ok(())
+}
+
 /// Parses the arguments of a field. At the beginning and after each comma, Reset is used. After
 /// that, the various take_xxx functions are used to switch states.
 #[derive(Copy, Clone, PartialEq, Eq, Debug)]

bitbybit/tests/no_compile/invalid_bit_pos.rs

@@ -0,0 +1,9 @@
+use bitbybit::bitfield;
+
+#[bitfield(u32, default = 0)]
+struct Test {
+    #[bit(32, rw)]
+    field: bool,
+}
+
+fn main() {}

bitbybit/tests/no_compile/invalid_bit_pos.stderr

@@ -0,0 +1,5 @@
+error: bitfield!: Field field requires 33 bits, but only has (32)
+ --> tests/no_compile/invalid_bit_pos.rs:5:5
+  |
+5 |     #[bit(32, rw)]
+  |     ^^^^^^^^^^^^^^

bitbybit/tests/no_compile/invalid_bits_pos.rs

@@ -0,0 +1,9 @@
+use bitbybit::bitfield;
+
+#[bitfield(u32, default = 0)]
+struct Test {
+    #[bits(31..=32, rw)]
+    field: u2,
+}
+
+fn main() {}

bitbybit/tests/no_compile/invalid_bits_pos.stderr

@@ -0,0 +1,5 @@
+error: bitfield!: Field field requires 33 bits, but only has (32)
+ --> tests/no_compile/invalid_bits_pos.rs:5:5
+  |
+5 |     #[bits(31..=32, rw)]
+  |     ^^^^^^^^^^^^^^^^^^^^

bitbybit/tests/tests.rs

@@ -10,4 +10,6 @@ fn all_tests() {
     t.compile_fail("tests/no_compile/non_exhaustive_bitenum.rs");
     t.compile_fail("tests/no_compile/invalid_field_range.rs");
     t.compile_fail("tests/no_compile/invalid_field_access.rs");
+    t.compile_fail("tests/no_compile/invalid_bit_pos.rs");
+    t.compile_fail("tests/no_compile/invalid_bits_pos.rs");
 }