fix: replace panic with Result in LANCE_INITIAL_UPLOAD_SIZE validation#6389
Open
LuciferYang wants to merge 1 commit intolance-format:mainfrom
Open
fix: replace panic with Result in LANCE_INITIAL_UPLOAD_SIZE validation#6389LuciferYang wants to merge 1 commit intolance-format:mainfrom
LuciferYang wants to merge 1 commit intolance-format:mainfrom
Conversation
Setting LANCE_INITIAL_UPLOAD_SIZE to an out-of-range value (<5MB or >5GB) previously crashed the process with panic!(). Now returns an error from ObjectWriter::new(), letting callers handle it gracefully. - Change initial_upload_size() return type from usize to Result<usize> - Cache Result<usize, String> in OnceLock (lance_core::Error is not Clone) - Store validated upload_size in ObjectWriter struct to avoid repeated OnceLock access and eliminate .expect() in next_part_buffer() - Preserve silent fallback to default for non-numeric values, consistent with sibling env vars (LANCE_UPLOAD_CONCURRENCY, LANCE_CONN_RESET_RETRIES) - Extract MAX_UPLOAD_PART_SIZE constant for the 5GB upper bound
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
panic!()withResulterror ininitial_upload_size()whenLANCE_INITIAL_UPLOAD_SIZEenv var is set to an out-of-range value (<5MB or >5GB), preventing process crashes from misconfigurationupload_sizein theObjectWriterstruct to eliminate repeatedOnceLocklookups and avoid anyunwrap/expectin the upload pathMAX_UPLOAD_PART_SIZEconstant for the 5GB upper boundMotivation
Setting
LANCE_INITIAL_UPLOAD_SIZEto a value outside the valid range (less than 5MB or greater than 5GB) crashes the entire process viapanic!(). This is a disproportionate response to a configuration error — the caller has no opportunity to handle the failure gracefully. SinceObjectWriter::new()already returnsResult<Self>, propagating the error is natural and idiomatic.What Changed
initial_upload_size(): Return type changed fromusizetoResult<usize>. Range violations now returnErr(Error::invalid_input(...))instead of panicking. Non-numeric values still silently fall back to the 5MB default, consistent with sibling env vars (LANCE_UPLOAD_CONCURRENCY,LANCE_CONN_RESET_RETRIES).ObjectWriterstruct: Addedupload_size: usizefield, set once innew()from the validated result. This eliminates repeatedOnceLockaccess innext_part_buffer()and removes the need for anyunwrap/expectin the hot path.next_part_buffer(): Takesupload_size: usizeas a parameter instead of callinginitial_upload_size()internally.Behavioral Equivalence
Ok(5MB)"abc")Ok(5MB)(unchanged)Ok(value)panic!()Err(...)panic!()Err(...)No other behavior changes. All existing callers of
ObjectWriter::new()already operate inResultcontext.Test plan
cargo test -p lance-io -- object_writer— all 4 tests passcargo clippy -p lance-io -- -D warnings— no warningscargo fmt -p lance-io -- --check— no formatting issuescargo check --workspace --tests— full workspace compiles