Guard against integer overflow when realizing an integer compact_seq.

LTLA · LTLA · commit 48581547e12b · 2026-03-30T01:57:16.000+11:00
Necessary as the compact_seq's internal representation uses doubles for the
start/step, and we don't know whether the sequence's start/end might overflow.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -20,7 +20,7 @@ if(RDS2CPP_FETCH_EXTERN)
     add_subdirectory(extern)
 else()
     find_package(ltla_byteme 2.1.3 CONFIG REQUIRED)
-    find_package(ltla_sanisizer 0.2.1 CONFIG REQUIRED)
+    find_package(ltla_sanisizer 0.2.2 CONFIG REQUIRED)
 endif()
 
 target_link_libraries(rds2cpp INTERFACE ltla::byteme)
diff --git a/cmake/Config.cmake.in b/cmake/Config.cmake.in
@@ -2,6 +2,6 @@
 
 include(CMakeFindDependencyMacro)
 find_dependency(ltla_byteme 2.1.3 CONFIG REQUIRED)
-find_dependency(ltla_sanisizer 0.2.1 CONFIG REQUIRED)
+find_dependency(ltla_sanisizer 0.2.2 CONFIG REQUIRED)
 
 include("${CMAKE_CURRENT_LIST_DIR}/ltla_rds2cppTargets.cmake")
diff --git a/extern/CMakeLists.txt b/extern/CMakeLists.txt
@@ -11,7 +11,7 @@ FetchContent_Declare(
 FetchContent_Declare(
   sanisizer 
   GIT_REPOSITORY https://github.com/LTLA/sanisizer
-  GIT_TAG master # ^0.2.1
+  GIT_TAG master # ^0.2.2
 )
 
 FetchContent_MakeAvailable(byteme)
diff --git a/include/rds2cpp/parse_altrep.hpp b/include/rds2cpp/parse_altrep.hpp
@@ -8,6 +8,8 @@
 #include <sstream>
 #include <limits>
 #include <memory>
+#include <array>
+#include <type_traits>
 
 #include "RObject.hpp"
 #include "utils_parse.hpp"
@@ -32,8 +34,8 @@ PairList parse_pairlist_body(Source_&, const Header&, SharedParseInfo&);
 
 namespace altrep_internal {
 
-template<class Vector, class Source_>
-Vector parse_numeric_compact_seq(Source_& src) try {
+template<class Vector_, class Source_>
+Vector_ parse_numeric_compact_seq(Source_& src) try {
     auto header = parse_header(src);
     if (header[3] != static_cast<unsigned char>(SEXPType::REAL)) {
         throw std::runtime_error("expected compact_seq to store sequence information in doubles");
@@ -45,10 +47,29 @@ Vector parse_numeric_compact_seq(Source_& src) try {
         throw std::runtime_error("expected compact_seq's sequence information to be of length 3");
     }
 
-    auto len = sanisizer::from_float<std::size_t>(ranges[0]);
+    const auto len = sanisizer::from_float<std::size_t>(ranges[0]);
     double start = ranges[1], step = ranges[2];
 
-    Vector output(len);
+    typedef I<decltype(std::declval<Vector_>().data[0])> VectorValue;
+    if constexpr(std::is_integral<VectorValue>::value) {
+        static_assert(std::is_signed<VectorValue>::value);
+        if (len) {
+            std::array<double, 2> endpts { start, start + (ranges[0] - 1) * step };
+            constexpr int available_bits = std::numeric_limits<VectorValue>::digits;
+            for (auto x : endpts) {
+                if (!std::isfinite(x)) {
+                    throw std::runtime_error("non-finite boundaries for integer compact_seq");
+                }
+                const auto target = (x >= 0 ? x : 1 - x); // +1 as negative values get a bit more space in signed integers.
+                int bits = sanisizer::required_bits_for_float(std::trunc(target));
+                if (bits > available_bits) {
+                    throw std::runtime_error("overflow for integer compact_seq");
+                }
+            }
+        }
+    }
+
+    Vector_ output(len);
     for (I<decltype(len)> i = 0; i < len; ++i, start += step) {
         output.data[i] = start;
     }
@@ -61,7 +82,7 @@ Vector parse_numeric_compact_seq(Source_& src) try {
     return output;
 } catch (std::exception& e) {
     throw traceback("failed to parse compact numeric ALTREP", e);
-    return Vector();
+    return Vector_();
 }
 
 template<class Vector, class Source_>

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ FetchContent_Declare(`
`11`	`11`	`FetchContent_Declare(`
`12`	`12`	`sanisizer`
`13`	`13`	`GIT_REPOSITORY https://github.com/LTLA/sanisizer`
`14`		`- GIT_TAG master # ^0.2.1`
	`14`	`+ GIT_TAG master # ^0.2.2`
`15`	`15`	`)`
`16`	`16`
`17`	`17`	`FetchContent_MakeAvailable(byteme)`