float: Fix panic at max exponential precision#154052
Merged
rust-bors[bot] merged 1 commit intorust-lang:mainfrom Apr 5, 2026
Merged
float: Fix panic at max exponential precision#154052rust-bors[bot] merged 1 commit intorust-lang:mainfrom
rust-bors[bot] merged 1 commit intorust-lang:mainfrom
Conversation
rustbot
added
S-waiting-on-review
Collaborator
|
rustbot has assigned @Mark-Simulacrum. Use Why was this reviewer chosen?The reviewer was selected based on:
|
cdown
force-pushed
the
cdown/2026-03-19/precision
branch
2 times, most recently
from
71fe342 to
d57cfdf
Compare
hkBst
suggested changes
Mar 19, 2026
cdown
force-pushed
the
cdown/2026-03-19/precision
branch
from
d57cfdf to
77f6ba6
Compare
Collaborator
|
Some changes occurred in float parsing cc @tgross35 |
cdown
commented
Mar 20, 2026
Mark-Simulacrum
requested changes
Mar 23, 2026
rustbot
removed
the
S-waiting-on-review
Collaborator
|
Reminder, once the PR becomes ready for a review, use |
rustbot
added
the
S-waiting-on-author
Rust's formatting machinery allows precision values of up to u16::MAX. Exponential formatting works out the number of significant digits to use by adding one (for the integral digit before the decimal point). This previously used usize precision, so the maximum validated precision did not overflow, but in commit fb9ce02 ("Limit formatting width and precision to 16 bits.") the precision type was narrowed to u16 without widening that addition first. As a result an exponential precision value of 65535 is no longer handled correctly, because the digit count wraps to 0, and thus "{:.65535e}" panics in flt2dec::to_exact_exp_str with "assertion failed: ndigits > 0". Other formats (and the parser) accept values up to u16::MAX. A naive fix would be to widen that addition back to usize, but that still does not properly address 16-bit targets, where usize is only guaranteed to be able to represent values up to u16::MAX. The real issue is that this internal API is expressed in the wrong units for the formatter. Fix this by changing exact exponential formatting to take fractional digits internally as well, and compute the temporary significant digit bound only when sizing the scratch buffer. To support that let's also make formatted length accounting saturate so that extremely large rendered outputs do not reintroduce overflows in padding logic. This preserves the existing intent and keeps FormattingOptions compact while making formatting work consistently again.
cdown
force-pushed
the
cdown/2026-03-19/precision
branch
from
77f6ba6 to
2ae6c61
Compare
Collaborator
|
This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed. Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers. |
Contributor
Author
|
@rustbot ready |
rustbot
added
S-waiting-on-review
Member
|
@bors r+ |
Contributor
rust-bors
bot
added
S-waiting-on-bors
rust-bors bot
pushed a commit
that referenced
this pull request
Apr 4, 2026
…uwer Rollup of 6 pull requests Successful merges: - #147552 ([Debugger Visualizers] Optimize lookup behavior) - #154052 (float: Fix panic at max exponential precision) - #154706 (fix compilation of time/hermit.rs) - #154707 (Make `substr_range` and `subslice_range` return the new `Range` type) - #154767 (triagebot: roll library reviewers for `{coretests,alloctests}`) - #154797 (bootstrap: Include shorthand aliases in x completions)
rust-timer
added a commit
that referenced
this pull request
Apr 5, 2026
Rollup merge of #154052 - cdown:cdown/2026-03-19/precision, r=Mark-Simulacrum float: Fix panic at max exponential precision Rust's formatting machinery allows precision values of up to u16::MAX. Exponential formatting works out the number of significant digits to use by adding one (for the integral digit before the decimal point). This previously used usize precision, so the maximum validated precision did not overflow, but in commit fb9ce02 ("Limit formatting width and precision to 16 bits.") the precision type was narrowed to u16 without widening that addition first. As a result an exponential precision value of 65535 is no longer handled correctly, because the digit count wraps to 0, and thus "{:.65535e}" panics in flt2dec::to_exact_exp_str with "assertion failed: ndigits > 0". Other formats (and the parser) accept values up to u16::MAX. A naive fix would be to widen that addition back to usize, but that still does not properly address 16-bit targets, where usize is only guaranteed to be able to represent values up to u16::MAX. The real issue is that this internal API is expressed in the wrong units for the formatter. Fix this by changing exact exponential formatting to take fractional digits internally as well, and compute the temporary significant digit bound only when sizing the scratch buffer. To support that let's also make formatted length accounting saturate so that extremely large rendered outputs do not reintroduce overflows in padding logic. This preserves the existing intent and keeps FormattingOptions compact while making formatting work consistently again.
github-actions bot
pushed a commit
to rust-lang/miri
that referenced
this pull request
Apr 5, 2026
…uwer Rollup of 6 pull requests Successful merges: - rust-lang/rust#147552 ([Debugger Visualizers] Optimize lookup behavior) - rust-lang/rust#154052 (float: Fix panic at max exponential precision) - rust-lang/rust#154706 (fix compilation of time/hermit.rs) - rust-lang/rust#154707 (Make `substr_range` and `subslice_range` return the new `Range` type) - rust-lang/rust#154767 (triagebot: roll library reviewers for `{coretests,alloctests}`) - rust-lang/rust#154797 (bootstrap: Include shorthand aliases in x completions)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rust's formatting machinery allows precision values of up to u16::MAX. Exponential formatting works out the number of significant digits to use by adding one (for the integral digit before the decimal point).
This previously used usize precision, so the maximum validated precision did not overflow, but in commit fb9ce02 ("Limit formatting width and precision to 16 bits.") the precision type was narrowed to u16 without widening that addition first.
As a result an exponential precision value of 65535 is no longer handled correctly, because the digit count wraps to 0, and thus "{:.65535e}" panics in flt2dec::to_exact_exp_str with "assertion failed: ndigits > 0". Other formats (and the parser) accept values up to u16::MAX.
A naive fix would be to widen that addition back to usize, but that still does not properly address 16-bit targets, where usize is only guaranteed to be able to represent values up to u16::MAX. The real issue is that this internal API is expressed in the wrong units for the formatter.
Fix this by changing exact exponential formatting to take fractional digits internally as well, and compute the temporary significant digit bound only when sizing the scratch buffer. To support that let's also make formatted length accounting saturate so that extremely large rendered outputs do not reintroduce overflows in padding logic.
This preserves the existing intent and keeps FormattingOptions compact while making formatting work consistently again.