From d54c56fd4320f9e459435ec1ea24db6c0736ada2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Crozet?=
Date: Sat, 14 Jan 2023 15:37:12 +0100
Subject: [PATCH] Fix potential unsoundness in ColumnIter::split_at
---
 src/base/iter.rs | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/base/iter.rs b/src/base/iter.rs
index f213f096..0e4aa8d4 100644
--- a/src/base/iter.rs
+++ b/src/base/iter.rs
@@ -314,16 +314,17 @@ impl<'a, T, R: Dim, C: Dim, S: 'a + RawStorage> ColumnIter<'a, T, R, C,
 }
 pub(crate) fn split_at(self, index: usize) -> (Self, Self) {
- // SAFETY: it’s OK even if index > self.range.len() because
- // the iterations will yield None in this case.
+ // SAFETY: this makes sur the generated ranges are valid.
+ let split_pos = (self.range.start + index).min(self.range.end);
+
 let left_iter = ColumnIter {
 mat: self.mat,
- range: self.range.start..(self.range.start + index),
+ range: self.range.start..split_pos,
 };
 let right_iter = ColumnIter {
 mat: self.mat,
- range: (self.range.start + index)..self.range.end,
+ range: split_pos..self.range.end,
 };
 (left_iter, right_iter)
@@ -401,19 +402,18 @@ impl<'a, T, R: Dim, C: Dim, S: 'a + RawStorageMut> ColumnIterMut<'a, T,
 }
 pub(crate) fn split_at(self, index: usize) -> (Self, Self) {
- // SAFETY: it’s OK even if index > self.range.len() because
- // the iterations will yield None in this case.
- assert!(index <= self.range.len());
+ // SAFETY: this makes sur the generated ranges are valid.
+ let split_pos = (self.range.start + index).min(self.range.end);
 let left_iter = ColumnIterMut {
 mat: self.mat,
- range: self.range.start..(self.range.start + index),
+ range: self.range.start..split_pos,
 phantom: Default::default(),
 };
 let right_iter = ColumnIterMut {
 mat: self.mat,
- range: (self.range.start + index)..self.range.end,
+ range: split_pos..self.range.end,
 phantom: Default::default(),
 };
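Review bot: The clamp on the new `split_pos` line only holds when `self.range.start + index` does not overflow; in a release build a very large `index` wraps, `.min(self.range.end)` then no longer bounds it, and the right half `split_pos..self.range.end` can start below `self.range.start`, which for the `ColumnIterMut` variant in the second hunk would let two halves cover the same columns. Since `split_at` is `pub(crate)` this presumably only matters if a caller passes an unchecked index, but a saturating add closes the gap at no cost: `let split_pos = self.range.start.saturating_add(index).min(self.range.end);` (same line in both hunks). The comment also reads `makes sur` and is tagged `SAFETY:` although no `unsafe` block follows it; something like `// Clamp the split point so both halves stay inside self.range and never overlap.` states the actual invariant. The `ColumnIterMut::split_at` body in the second hunk ends outside this excerpt.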