From 5733274876e6f6c0be8b43b4a46bdfeea73fa761 Mon Sep 17 00:00:00 2001
From: Linus Heckemann <git@sphalerite.org>
Date: Thu, 1 Jun 2023 21:22:59 +0200
Subject: fix(tvix/eval): allow negative substring lengths

Nix uses string::substr without checking the sign of the length[1].
The NixOS testing infrastructure relies on this[2], and on the
implicit conversion of that to the maximum possible value for a
size_t.

[1]: https://github.com/NixOS/nix/blob/ecae62020b64914d9859a71ce197d03688c6133c/src/libexpr/primops.cc#L3597
[2]: https://github.com/NixOS/nixpkgs/blob/c7c298471676ac1c7789ab3c424fbcebecaa6791/nixos/lib/testing/driver.nix#L29

Change-Id: I6d0caf6830b6bda3fdf44c40c81de6a1befeca7b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8746
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
---
 tvix/eval/src/builtins/mod.rs | 11 +++++------
 tvix/eval/src/errors.rs       | 15 ---------------
 2 files changed, 5 insertions(+), 21 deletions(-)

(limited to 'tvix')

diff --git a/tvix/eval/src/builtins/mod.rs b/tvix/eval/src/builtins/mod.rs
index 53ad6f3f8e50..b5c7931768e9 100644
--- a/tvix/eval/src/builtins/mod.rs
+++ b/tvix/eval/src/builtins/mod.rs
@@ -869,12 +869,11 @@ mod pure_builtins {
             return Ok(Value::String("".into()));
         }
 
-        if len < 0 {
-            return Err(ErrorKind::NegativeLength { length: len });
-        }
-
-        let len = len as usize;
-        let end = cmp::min(beg + len, x.as_str().len());
+        let end = if len < 0 {
+            x.as_str().len() as usize
+        } else {
+            cmp::min(beg + (len as usize), x.as_str().len())
+        };
 
         Ok(Value::String(x.as_str()[beg..end].into()))
     }
diff --git a/tvix/eval/src/errors.rs b/tvix/eval/src/errors.rs
index 2fbb6496ceea..76f55d681299 100644
--- a/tvix/eval/src/errors.rs
+++ b/tvix/eval/src/errors.rs
@@ -108,11 +108,6 @@ pub enum ErrorKind {
     /// An error occurred when parsing an integer
     ParseIntError(ParseIntError),
 
-    /// A negative integer was used as a value representing length.
-    NegativeLength {
-        length: i64,
-    },
-
     // Errors specific to nested attribute sets and merges thereof.
     /// Nested attributes can not be merged with an inherited value.
     UnmergeableInherit {
@@ -396,14 +391,6 @@ to a missing value in the attribute set(s) included via `with`."#,
                 write!(f, "invalid integer: {}", err)
             }
 
-            ErrorKind::NegativeLength { length } => {
-                write!(
-                    f,
-                    "cannot use a negative integer, {}, for a value representing length",
-                    length
-                )
-            }
-
             ErrorKind::UnmergeableInherit { name } => {
                 write!(
                     f,
@@ -765,7 +752,6 @@ impl Error {
             | ErrorKind::NotCoercibleToString { .. }
             | ErrorKind::NotAnAbsolutePath(_)
             | ErrorKind::ParseIntError(_)
-            | ErrorKind::NegativeLength { .. }
             | ErrorKind::UnmergeableInherit { .. }
             | ErrorKind::UnmergeableValue
             | ErrorKind::ImportParseError { .. }
@@ -808,7 +794,6 @@ impl Error {
             ErrorKind::IndexOutOfBounds { .. } => "E019",
             ErrorKind::NotAnAbsolutePath(_) => "E020",
             ErrorKind::ParseIntError(_) => "E021",
-            ErrorKind::NegativeLength { .. } => "E022",
             ErrorKind::TailEmptyList { .. } => "E023",
             ErrorKind::UnmergeableInherit { .. } => "E024",
             ErrorKind::UnmergeableValue => "E025",
-- 
cgit 1.4.1