feat: ensure offset size is at most 8 bytes (#8000)

crates/storage/nippy-jar/src/error.rs

@@ -37,6 +37,11 @@ pub enum NippyJarError {
     PHFMissing,
     #[error("nippy jar was built without an index")]
     UnsupportedFilterQuery,
+    #[error("the size of an offset must be at most 8 bytes, got {offset_size}")]
+    OffsetSizeTooBig {
+        /// The read offset size in number of bytes.
+        offset_size: u64,
+    },
     #[error("compression or decompression requires a bigger destination output")]
     OutputTooSmall,
     #[error("dictionary is not loaded.")]

crates/storage/nippy-jar/src/lib.rs

@@ -486,14 +486,15 @@ impl DataReader {
         // SAFETY: File is read-only and its descriptor is kept alive as long as the mmap handle.
         let offset_mmap = unsafe { Mmap::map(&offset_file)? };
 
-        Ok(Self {
-            data_file,
-            data_mmap,
-            offset_file,
-            // First byte is the size of one offset in bytes
-            offset_size: offset_mmap[0] as u64,
-            offset_mmap,
-        })
+        // First byte is the size of one offset in bytes
+        let offset_size = offset_mmap[0] as u64;
+
+        // Ensure that the size of an offset is at most 8 bytes.
+        if offset_size > 8 {
+            return Err(NippyJarError::OffsetSizeTooBig { offset_size })
+        }
+
+        Ok(Self { data_file, data_mmap, offset_file, offset_size, offset_mmap })
     }
 
     /// Returns the offset for the requested data index