An overflow panic in Reader::read_byte_record #427

@xc01

Summary

csv v1.4.0 can panic in debug builds due to unchecked addition in the read_byte_record call path:

  • src/reader.rs:1649
  • set_byte(byte + nin as u64)

If byte == u64::MAX and nin > 0, this overflows and panics.

Why this is report-worthy

  • This panic is reachable from public APIs (Reader, Position, seek_raw, read_byte_record).
  • The function docs do not mention this panic condition.
  • The operation currently uses unchecked + instead of checked_add/error return.

Public API reproducer

use std::io::{Cursor, SeekFrom};
use csv::{ByteRecord, Position, Reader};

#[test]
#[should_panic]
fn panic_arithmetic_overflow_read_byte_record_impl_line_1649() {
    let mut rdr = Reader::from_reader(Cursor::new(b"h\nx\n".to_vec()));

    let mut pos = Position::new();
    pos.set_byte(u64::MAX);

    rdr.seek_raw(SeekFrom::Start(0), pos).unwrap();

    let mut record = ByteRecord::new();
    let _ = rdr.read_byte_record(&mut record);
}

Call chain

  1. Reader::from_reader(...)
  2. Reader::seek_raw(..., pos_with_byte_u64_max)
  3. Reader::read_byte_record(...)
  4. Internal read_byte_record_impl(...)
  5. set_byte(byte + nin as u64) at src/reader.rs:1649 panics when nin > 0

Actual behavior

Panic on integer overflow (debug builds).

Expected behavior

Either:

  • avoid panic via checked arithmetic and return an error, or
  • explicitly document panic preconditions in API docs.

Suggested fix

At src/reader.rs:1649, replace unchecked addition with checked handling, e.g.:

  • byte.checked_add(nin as u64) and map overflow to Error,
  • or saturating behavior if that matches crate semantics.

Version

  • crate: csv
  • version: 1.4.0
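
The two fix options named in the report, next to what plain `+` does when overflow checks are off, as an added example that is not part of the original issue or the csv crate's code. `Pos`, `Overflow` and the `advance_*` functions are hypothetical stand-ins for the crate's position tracking.

```rust
// Added illustration: `Pos`, `Overflow` and the functions below are hypothetical
// stand-ins, not items from the csv crate.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Pos {
    pub byte: u64,
}

/// Returned instead of panicking when the byte offset cannot be represented.
#[derive(Debug, PartialEq, Eq)]
pub struct Overflow {
    pub byte: u64,
    pub nin: usize,
}

/// Checked variant: overflow becomes an error and `pos` is left unchanged.
pub fn advance_checked(pos: &mut Pos, nin: usize) -> Result<(), Overflow> {
    match pos.byte.checked_add(nin as u64) {
        Some(b) => {
            pos.byte = b;
            Ok(())
        }
        None => Err(Overflow { byte: pos.byte, nin }),
    }
}

/// Saturating variant: never fails, but the offset sticks at u64::MAX.
pub fn advance_saturating(pos: &mut Pos, nin: usize) {
    pos.byte = pos.byte.saturating_add(nin as u64);
}

/// What plain `+` does when overflow checks are off (default release profile):
/// the offset wraps around to a small value without any signal.
pub fn advance_wrapping(pos: &mut Pos, nin: usize) {
    pos.byte = pos.byte.wrapping_add(nin as u64);
}

fn main() {
    // Constructed input: caller-supplied start offset of u64::MAX, then a 4-byte read.
    let start = Pos { byte: u64::MAX };
    let (mut a, mut b, mut c) = (start, start, start);
    println!("checked:    {:?}", advance_checked(&mut a, 4));
    advance_saturating(&mut b, 4);
    println!("saturating: {}", b.byte);
    advance_wrapping(&mut c, 4);
    println!("wrapping:   {}", c.byte);
}
```

In this sketch only the checked variant tells the caller that the supplied offset was unusable; the saturating and wrapping variants both keep going with an offset that no longer matches the input.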
