diff --git a/Cargo.lock b/Cargo.lock index 71e8e75cad376..a1225b3e2d78e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2396,12 +2396,6 @@ dependencies = [ "regex", ] -[[package]] -name = "fast-float" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95765f67b4b18863968b4a1bd5bb576f732b29a4a28c7cd84c09fa3e2875f33c" - [[package]] name = "fastrand" version = "2.0.1" @@ -6093,7 +6087,6 @@ dependencies = [ "dec", "differential-dataflow", "enum-kinds", - "fast-float", "flatcontainer", "hex", "insta", diff --git a/deny.toml b/deny.toml index 8e999e5516449..903ccdc658b78 100644 --- a/deny.toml +++ b/deny.toml @@ -233,8 +233,6 @@ ignore = [ "RUSTSEC-2024-0375", # `derivative` is unmaintained; consider using an alternative (unmaintained) "RUSTSEC-2024-0388", - # Multiple soundness issues - "RUSTSEC-2024-0379", # `instant` is unmaintained, and the author recommends using the maintained [`web-time`] crate instead. "RUSTSEC-2024-0384", diff --git a/src/repr/Cargo.toml b/src/repr/Cargo.toml index f020ab31dccfe..fc095ad4ab7e1 100644 --- a/src/repr/Cargo.toml +++ b/src/repr/Cargo.toml @@ -38,7 +38,6 @@ compact_bytes = "0.1.2" dec = "0.4.8" differential-dataflow = "0.13.0" enum-kinds = "0.5.1" -fast-float = "0.2.0" flatcontainer = "0.5.0" hex = "0.4.3" itertools = "0.10.5" diff --git a/src/repr/src/strconv.rs b/src/repr/src/strconv.rs index d20d172e7b050..c327a371afa3e 100644 --- a/src/repr/src/strconv.rs +++ b/src/repr/src/strconv.rs @@ -28,12 +28,12 @@ use std::collections::BTreeMap; use std::error::Error; use std::fmt; use std::num::FpCategory; +use std::str::FromStr; use std::sync::LazyLock; use chrono::offset::{Offset, TimeZone}; use chrono::{DateTime, Datelike, Duration, NaiveDate, NaiveDateTime, NaiveTime, Timelike, Utc}; use dec::OrderedDecimal; -use fast_float::FastFloat; use mz_lowertest::MzReflect; use mz_ore::cast::ReinterpretCast; use mz_ore::error::ErrorExt; @@ -249,7 +249,7 @@ pub fn parse_oid(s: &str) -> Result { fn parse_float(type_name: &'static str, s: &str) -> Result where - Fl: NumFloat + FastFloat, + Fl: NumFloat + FromStr, { // Matching PostgreSQL's float parsing behavior is tricky. PostgreSQL's // implementation delegates almost entirely to strtof(3)/strtod(3), which @@ -260,9 +260,9 @@ where // // To @benesch's knowledge, there is no Rust implementation of float parsing // that reports whether underflow or overflow occurred. So we figure it out - // ourselves after the fact. If fast_float returns infinity and the input + // ourselves after the fact. If parsing the float returns infinity and the input // was not an explicitly-specified infinity, then we know overflow occurred. - // If fast_float returns zero and the input was not an explicitly-specified + // If parsing the float returns zero and the input was not an explicitly-specified // zero, then we know underflow occurred. // Matches `0`, `-0`, `+0`, `000000.00000`, `0.0e10`, 0., .0, et al. @@ -271,14 +271,17 @@ where // Matches `inf`, `-inf`, `+inf`, `infinity`, et al. static INF_RE: LazyLock = LazyLock::new(|| Regex::new("(?i-u)^[-+]?inf").unwrap()); - let buf = s.trim().as_bytes(); - let f: Fl = - fast_float::parse(buf).map_err(|_| ParseError::invalid_input_syntax(type_name, s))?; + let buf = s.trim(); + let f: Fl = buf + .parse() + .map_err(|_| ParseError::invalid_input_syntax(type_name, s))?; match f.classify() { - FpCategory::Infinite if !INF_RE.is_match(buf) => { + FpCategory::Infinite if !INF_RE.is_match(buf.as_bytes()) => { + Err(ParseError::out_of_range(type_name, s)) + } + FpCategory::Zero if !ZERO_RE.is_match(buf.as_bytes()) => { Err(ParseError::out_of_range(type_name, s)) } - FpCategory::Zero if !ZERO_RE.is_match(buf) => Err(ParseError::out_of_range(type_name, s)), _ => Ok(f), } }