From 3dda83d83200b4c1f047f345a7ff71de428ed4f1 Mon Sep 17 00:00:00 2001 From: elee7420-gif Date: Mon, 6 Jul 2026 00:33:09 +0300 Subject: [PATCH] fix(simd_path): clamp resolve_ptrs iteration to buf.len() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit resolve_ptrs() iterates self.indices.len() times over a fixed-size [*const u8; 32] buffer with no guard. When a file path exceeds 512 bytes (32 chunks × 16 bytes), the loop accesses buf[32] and panics: index out of bounds: the len is 32 but the index is 32 On macOS PATH_MAX is 1024, so any legitimately long path can trigger this. Clamp count to buf.len() so pathological paths are truncated gracefully instead of crashing. Fixes an OOB panic found in pi-fff v0.9.6. --- crates/fff-core/src/simd_path.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/fff-core/src/simd_path.rs b/crates/fff-core/src/simd_path.rs index d4d0acd8..d06bb49d 100644 --- a/crates/fff-core/src/simd_path.rs +++ b/crates/fff-core/src/simd_path.rs @@ -103,7 +103,7 @@ impl ChunkedString { arena: ArenaPtr, buf: &'a mut [*const u8; 32], ) -> &'a [*const u8] { - let count = self.indices.len(); + let count = self.indices.len().min(buf.len()); let base = arena.as_ptr(); for (i, &idx) in self.indices.iter().enumerate() { buf[i] = unsafe { base.add(idx as usize * SIMD_CHUNK_BYTES) };