Why is this an issue?
PositionsWriter::build() at cloudsearch-storage/src/positions_writer.rs:52,63,68,79 uses unwrap() on u32::try_from() conversions that can theoretically panic if term/doc/position counts exceed u32::MAX (~4 billion). While practically unreachable, the panic is abrupt and undocumented: the # Panics docs at lines 41-42 only mention the header length overflow case, not these conversions.
What is causing it?
let term_count = u32::try_from(self.terms.len()).unwrap(); // line 52
let doc_count = u32::try_from(posting_list.docs.len()).unwrap(); // line 63
let pos_count = u32::try_from(posting.positions.len()).unwrap(); // line 68
result.extend_from_slice(&u32::try_from(term_bytes.len()).unwrap().to_le_bytes()); // line 79
How can it be solved?
Replace unwrap() with ok() or expect() with a descriptive message. If the conversion fails, return an error rather than panicking:
let term_count = u32::try_from(self.terms.len())
    .map_err(|_| CloudSearchError::ResourceLimitExceeded("term count exceeds u32::MAX".to_string()))?;
Or use unwrap_or(u32::MAX) and clamp to u32::MAX if you prefer silent saturation.
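The error-returning option applied to all four conversions, as an added sketch that is not the project's own code. The `len_u32` helper, the `build` signature, the serialized layout and the shape of `CloudSearchError` are assumptions; only the variant name `ResourceLimitExceeded` comes from the snippet above.

```rust
use std::convert::TryFrom; // explicit import so this also compiles before the 2021 edition

// Stand-in for the project's error type; only the variant named on the page is modelled.
#[derive(Debug, PartialEq)]
pub enum CloudSearchError {
    ResourceLimitExceeded(String),
}

// Hypothetical helper: convert a length to the u32 written into the output,
// returning an error instead of panicking when it does not fit.
fn len_u32(len: usize, what: &str) -> Result<u32, CloudSearchError> {
    u32::try_from(len).map_err(|_| {
        CloudSearchError::ResourceLimitExceeded(format!("{} {} exceeds u32::MAX", what, len))
    })
}

// Assumed, simplified layout: term_count, then per term its byte length, bytes,
// doc_count, and per doc a pos_count followed by the positions (all little-endian u32).
// A saturated count would no longer match the entries written after it, so a reader
// would desynchronize; this sketch therefore fails the build instead.
pub fn build(terms: &[(&str, Vec<Vec<u32>>)]) -> Result<Vec<u8>, CloudSearchError> {
    let mut out = Vec::new();
    out.extend_from_slice(&len_u32(terms.len(), "term count")?.to_le_bytes());
    for (term, docs) in terms {
        out.extend_from_slice(&len_u32(term.len(), "term byte length")?.to_le_bytes());
        out.extend_from_slice(term.as_bytes());
        out.extend_from_slice(&len_u32(docs.len(), "doc count")?.to_le_bytes());
        for positions in docs {
            out.extend_from_slice(&len_u32(positions.len(), "position count")?.to_le_bytes());
            for p in positions {
                out.extend_from_slice(&p.to_le_bytes());
            }
        }
    }
    Ok(out)
}

fn main() {
    // Constructed sample input: one term, one document, two positions.
    let bytes = build(&[("a", vec![vec![1, 2]])]).unwrap();
    println!("{} bytes", bytes.len());
    // Constructed oversize length (64-bit target assumed); no huge allocation needed.
    println!("{:?}", len_u32(usize::MAX, "term count"));
}
```

Taking the length as a plain `usize` lets the overflow path be unit-tested without allocating billions of entries.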
Category
Severity