validate to avoid zv indexing

Author: robertbastian

components/collator/src/comparison.rs

@@ -35,16 +35,18 @@ use crate::provider::CollationMetadataV1;
 use crate::provider::CollationReordering;
 use crate::provider::CollationReorderingV1;
 use crate::provider::CollationRootV1;
-use crate::provider::CollationSpecialPrimaries;
 use crate::provider::CollationSpecialPrimariesV1;
+use crate::provider::CollationSpecialPrimariesValidated;
 use crate::provider::CollationTailoringV1;
+use core::array;
 use core::cmp::Ordering;
 use core::convert::TryFrom;
 use icu_normalizer::provider::DecompositionData;
 use icu_normalizer::provider::DecompositionTables;
 use icu_normalizer::provider::NormalizerNfdDataV1;
 use icu_normalizer::provider::NormalizerNfdTablesV1;
 use icu_normalizer::Decomposition;
+use icu_provider::marker::ErasedMarker;
 use icu_provider::prelude::*;
 use smallvec::SmallVec;
 use utf16_iter::Utf16CharsEx;
@@ -379,7 +381,7 @@ impl LocaleSpecificDataHolder {
 /// Compares strings according to culturally-relevant ordering.
 #[derive(Debug)]
 pub struct Collator {
-    special_primaries: DataPayload<CollationSpecialPrimariesV1>,
+    special_primaries: DataPayload<ErasedMarker<CollationSpecialPrimariesValidated<'static>>>,
     root: DataPayload<CollationRootV1>,
     tailoring: Option<DataPayload<CollationTailoringV1>>,
     jamo: DataPayload<CollationJamoV1>,
@@ -464,7 +466,7 @@ impl Collator {
         decompositions: DataPayload<NormalizerNfdDataV1>,
         tables: DataPayload<NormalizerNfdTablesV1>,
         jamo: DataPayload<CollationJamoV1>,
-        mut special_primaries: DataPayload<CollationSpecialPrimariesV1>,
+        special_primaries: DataPayload<CollationSpecialPrimariesV1>,
         prefs: CollatorPreferences,
         options: CollatorOptions,
     ) -> Result<Self, DataError>
@@ -489,24 +491,35 @@ impl Collator {
         if special_primaries.get().last_primaries.len() <= (MaxVariable::Currency as usize) {
             return Err(DataError::custom("invalid").with_marker(CollationSpecialPrimariesV1::INFO));
         }
-        if special_primaries.get().last_primaries.len() == (MaxVariable::Currency as usize) {
-            // Data without compressible bits, add hardcoded data
-            special_primaries = special_primaries.map_project(|csp, _| CollationSpecialPrimaries {
-                last_primaries: csp
-                    .last_primaries
-                    .iter()
-                    .chain(
-                        CollationSpecialPrimaries::HARDCODED_FALLBACK
-                            .last_primaries
-                            .iter()
-                            .rev()
-                            .take(4)
-                            .rev(),
+        let special_primaries = special_primaries.map_project(|csp, _| {
+            if csp.last_primaries.len()
+                == (MaxVariable::Currency as usize)
+                    + core::mem::size_of_val(
+                        &CollationSpecialPrimariesValidated::HARDCODED_FALLBACK.compressible_bytes,
                     )
-                    .collect(),
-                ..csp
-            });
-        }
+            {
+                CollationSpecialPrimariesValidated {
+                    compressible_bytes: array::from_fn(|i| {
+                        #[allow(clippy::unwrap_used)] // protected by the if
+                        {
+                            csp.last_primaries
+                                .get((MaxVariable::Currency as usize) + i)
+                                .unwrap()
+                        }
+                    }),
+                    last_primaries: csp.last_primaries.truncated(MaxVariable::Currency as usize),
+                    numeric_primary: csp.numeric_primary,
+                }
+            } else {
+                // Data without compressible bytes, add hardcoded data
+                CollationSpecialPrimariesValidated {
+                    last_primaries: csp.last_primaries,
+                    compressible_bytes: CollationSpecialPrimariesValidated::HARDCODED_FALLBACK
+                        .compressible_bytes,
+                    numeric_primary: csp.numeric_primary,
+                }
+            }
+        });
 
         Ok(Collator {
             special_primaries,
@@ -550,7 +563,7 @@ macro_rules! compare {
 /// borrowed version.
 #[derive(Debug)]
 pub struct CollatorBorrowed<'a> {
-    special_primaries: &'a CollationSpecialPrimaries<'a>,
+    special_primaries: &'a CollationSpecialPrimariesValidated<'a>,
     root: &'a CollationData<'a>,
     tailoring: Option<&'a CollationData<'a>>,
     jamo: &'a CollationJamo<'a>,
@@ -586,28 +599,26 @@ impl CollatorBorrowed<'static> {
             return Err(DataError::custom("invalid").with_marker(CollationJamoV1::INFO));
         }
 
-        let mut special_primaries =
-            crate::provider::Baked::SINGLETON_COLLATION_SPECIAL_PRIMARIES_V1;
+        let special_primaries = crate::provider::Baked::SINGLETON_COLLATION_SPECIAL_PRIMARIES_V1;
         // `variant_count` isn't stable yet:
         // https://github.com/rust-lang/rust/issues/73662
         if special_primaries.last_primaries.len() <= (MaxVariable::Currency as usize) {
             return Err(DataError::custom("invalid").with_marker(CollationSpecialPrimariesV1::INFO));
+        } else if CollationSpecialPrimariesValidated::HARDCODED_FALLBACK.numeric_primary
+            != special_primaries.numeric_primary
+            || CollationSpecialPrimariesValidated::HARDCODED_FALLBACK
+                .last_primaries
+                .iter()
+                .zip(special_primaries.last_primaries.iter())
+                .any(|(a, b)| a != b)
+        {
+            // Baked data without compressible bits, but not matching hardcoded data
+            return Err(
+                DataError::custom("cannot fall back to hardcoded compressible data")
+                    .with_marker(CollationSpecialPrimariesV1::INFO),
+            );
         }
-        if special_primaries.last_primaries.len() == (MaxVariable::Currency as usize) {
-            // Baked data without compressible bits, use hardcoded data
-            if CollationSpecialPrimaries::HARDCODED_FALLBACK.numeric_primary
-                != special_primaries.numeric_primary
-                || CollationSpecialPrimaries::HARDCODED_FALLBACK
-                    .last_primaries
-                    .iter()
-                    .zip(special_primaries.last_primaries.iter())
-                    .any(|(a, b)| a != b)
-            {
-                return Err(DataError::custom("cannot fall back to compressible data")
-                    .with_marker(CollationSpecialPrimariesV1::INFO));
-            }
-            special_primaries = CollationSpecialPrimaries::HARDCODED_FALLBACK;
-        }
+        let special_primaries = CollationSpecialPrimariesValidated::HARDCODED_FALLBACK;
 
         // Attribute belongs closer to `unwrap`, but
         // https://github.com/rust-lang/rust/issues/15701

components/collator/src/provider.rs

@@ -566,33 +566,49 @@ pub struct CollationSpecialPrimaries<'data> {
     pub numeric_primary: u8,
 }
 
-impl CollationSpecialPrimaries<'static> {
+#[derive(Debug, PartialEq, Clone, yoke::Yokeable, zerofrom::ZeroFrom)]
+pub(crate) struct CollationSpecialPrimariesValidated<'data> {
+    /// The primaries corresponding to `MaxVariable`
+    /// character classes packed so that each fits in
+    /// 16 bits. Length must match the number of enum
+    /// variants in `MaxVariable`, currently 4.
+    pub last_primaries: ZeroVec<'data, u16>,
+    /// The high 8 bits of the numeric primary
+    pub numeric_primary: u8,
+    /// 256 bits (packed in 16 u16s) to classify every possible
+    /// byte into compressible or non-compressible.
+    pub compressible_bytes: [u16; 16],
+}
+
+impl CollationSpecialPrimariesValidated<'static> {
     pub(crate) const HARDCODED_FALLBACK: &Self = &Self {
         last_primaries: zerovec::zerovec!(u16; <u16 as AsULE>::ULE::from_aligned; [
           // Last primaries
           1286,
           3072,
           3488,
           3840,
-          // Compressible bytes
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b1111_1111_1111_1110,
-          0b1111_1111_1111_1111,
-          0b0000_0000_0000_0001,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0000_0000_0000_0000,
-          0b0100_0000_0000_0000
         ]),
         numeric_primary: 16u8,
+        compressible_bytes: [
+            // Compressible bytes
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b1111_1111_1111_1110,
+            0b1111_1111_1111_1111,
+            0b0000_0000_0000_0001,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0000_0000_0000_0000,
+            0b0100_0000_0000_0000,
+        ],
     };
 }
 
@@ -601,7 +617,7 @@ icu_provider::data_struct!(
     #[cfg(feature = "datagen")]
 );
 
-impl CollationSpecialPrimaries<'_> {
+impl CollationSpecialPrimariesValidated<'_> {
     #[allow(clippy::unwrap_used)]
     pub(crate) fn last_primary_for_group(&self, max_variable: MaxVariable) -> u32 {
         // `unwrap` is OK, because `Collator::try_new` validates the length.
@@ -613,15 +629,12 @@ impl CollationSpecialPrimaries<'_> {
 
     #[allow(dead_code)]
     pub(crate) fn is_compressible(&self, b: u8) -> bool {
-        // Unwrap OK by construction and pasting this
+        // Indexing slicing OK by construction and pasting this
         // into Compiler Explorer shows that the panic
         // is optimized away.
-        #[allow(clippy::unwrap_used)]
-        let field = self
-            .last_primaries
-            .get(self.last_primaries.len() - 4 + usize::from(b >> 4))
-            .unwrap();
-        let mask = 1 << (b & 0b111_1111);
+        #[allow(clippy::indexing_slicing)]
+        let field = self.compressible_bytes[usize::from(b >> 4)];
+        let mask = 1 << (b & 0b1111);
         (field & mask) != 0
     }
 }

utils/zerovec/src/zerovec/mod.rs

@@ -165,6 +165,17 @@ impl<U> EyepatchHackVector<U> {
         // this always represents a valid vector
         Vec::from_raw_parts(self.buf.as_ptr() as *mut U, len, self.capacity)
     }
+
+    fn truncate(&mut self, max: usize) {
+        // SAFETY: The elements in buf are `ULE`, so they don't need to be dropped
+        // even if we own them.
+        self.buf = unsafe {
+            NonNull::new_unchecked(core::ptr::slice_from_raw_parts_mut(
+                self.buf.as_mut().as_mut_ptr(),
+                core::cmp::max(max, self.buf.as_ref().len()),
+            ))
+        };
+    }
 }
 
 #[cfg(feature = "alloc")]
@@ -1068,6 +1079,13 @@ where
             Cow::Borrowed(slice)
         }
     }
+
+    /// Truncates this vector to `min(self.len(), max)`.
+    #[inline]
+    pub fn truncated(mut self, max: usize) -> Self {
+        self.vector.truncate(max);
+        self
+    }
 }
 
 #[cfg(feature = "alloc")]