Skip to content

[BUG] prevent integer overflow in HNSW index resize#7093

Closed
rescrv wants to merge 1 commit into
mainfrom
rescrv/bug2
Closed

[BUG] prevent integer overflow in HNSW index resize#7093
rescrv wants to merge 1 commit into
mainfrom
rescrv/bug2

Conversation

@rescrv
Copy link
Copy Markdown
Contributor

@rescrv rescrv commented May 18, 2026

Description of changes

Replace unchecked arithmetic (capacity * 2, len + additional) with a
central required_hnsw_capacity function that uses checked_add,
checked_mul, and checked_next_power_of_two, returning a typed
HnswCapacityError::Overflow on overflow instead of silently wrapping.

All six callsites in fast_writer, spann/types, distributed_hnsw, and
local_hnsw now route through this function, which encodes two growth
strategies (Double and NextPowerOfTwo) and an optional resize-at-
capacity flag to preserve each callsite's existing semantics.

Also constrain resize_factor to [1.0, 5.0] on the Rust
HnswIndexConfig via a validate(range) annotation, with tests for
both boundary rejection and overflow at usize::MAX.

Test plan

CI

Migration plan

N/A

Observability plan

N/A

Documentation Changes

N/A

Co-authored-by: AI

@rescrv
[BUG] prevent integer overflow in HNSW index resize
abcc570 
Replace unchecked arithmetic (capacity * 2, len + additional) with a
central required_hnsw_capacity function that uses checked_add,
checked_mul, and checked_next_power_of_two, returning a typed
HnswCapacityError::Overflow on overflow instead of silently wrapping.

All six callsites in fast_writer, spann/types, distributed_hnsw, and
local_hnsw now route through this function, which encodes two growth
strategies (Double and NextPowerOfTwo) and an optional resize-at-
capacity flag to preserve each callsite's existing semantics.

Also constrain resize_factor to [1.0, 5.0] on the Rust
HnswIndexConfig via a validate(range) annotation, with tests for
both boundary rejection and overflow at usize::MAX.

Co-authored-by: AI
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 18, 2026

Reviewer Checklist

Please leverage this checklist to ensure your code review is thorough before approving

Testing, Bugs, Errors, Logs, Documentation

  • Can you think of any use case in which the code does not behave as intended? Have they been tested?
  • Can you think of any inputs or external events that could break the code? Is user input validated and safe? Have they been tested?
  • If appropriate, are there adequate property based tests?
  • If appropriate, are there adequate unit tests?
  • Should any logging, debugging, tracing information be added or removed?
  • Are error messages user-friendly?
  • Have all documentation changes needed been made?
  • Have all non-obvious changes been commented?

System Compatibility

  • Are there any potential impacts on other parts of the system or backward compatibility?
  • Does this change intersect with any items on our roadmap, and if so, is there a plan for fitting them together?

Quality

  • Is this code of a unexpectedly high quality (Readability, Modularity, Intuitiveness)

@rescrv rescrv requested a review from HammadB May 18, 2026 16:33
@blacksmith-sh
Copy link
Copy Markdown
Contributor

blacksmith-sh Bot commented May 18, 2026
edited
Loading

Found 1 test failure on Blacksmith runners:

Failure

Test View Logs
chroma-types/
collection_schema::tests::proptests::reconcile_schema_and_config_matches_schema_only_pa
th		 View Logs

Fix in Cursor

@rescrv
Copy link
Copy Markdown
Contributor Author

rescrv commented May 20, 2026

In favor of #7098

@rescrv rescrv closed this May 20, 2026
@rescrv rescrv deleted the rescrv/bug2 branch May 22, 2026 22:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HammadB HammadB Awaiting requested review from HammadB

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rescrv