Fix: Remove non-compliant Ord and Eq implementations for AssetCapacity

alexdewar · alexdewar · commit f60f62a718d3 · 2026-03-17T15:52:51.000Z
The implementations for these traits shouldn't panic and can cause UB if they do. The only thing we need them for is the `min()` method, but we can just implement this manually instead. Fixes #1206.
diff --git a/src/asset/capacity.rs b/src/asset/capacity.rs
@@ -13,6 +13,23 @@ pub enum AssetCapacity {
     Discrete(u32, Capacity),
 }
 
+impl AssetCapacity {
+    /// Return the smaller of `self` or `other`.
+    ///
+    /// # Panics
+    ///
+    /// Panics if the comparison is not meaningful. This happens if either `AssetCapacity` contains
+    /// a NaN value, one is discrete and the other continuous or if both are discrete and the unit
+    /// size differs.
+    pub fn min(self, other: AssetCapacity) -> AssetCapacity {
+        match self.partial_cmp(&other) {
+            None => panic!("Comparing invalid AssetCapacity values ({self:?} and {other:?})"),
+            Some(Ordering::Greater) => other,
+            _ => self,
+        }
+    }
+}
+
 impl Add for AssetCapacity {
     type Output = Self;
 
@@ -49,23 +66,15 @@ impl Sub for AssetCapacity {
     }
 }
 
-impl Eq for AssetCapacity {}
-
 impl PartialOrd for AssetCapacity {
     fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
-        Some(self.cmp(other))
-    }
-}
-
-impl Ord for AssetCapacity {
-    fn cmp(&self, other: &Self) -> Ordering {
         match (self, other) {
-            (AssetCapacity::Continuous(a), AssetCapacity::Continuous(b)) => a.total_cmp(b),
+            (AssetCapacity::Continuous(a), AssetCapacity::Continuous(b)) => a.partial_cmp(b),
             (AssetCapacity::Discrete(units1, size1), AssetCapacity::Discrete(units2, size2)) => {
-                Self::check_same_unit_size(*size1, *size2);
-                units1.cmp(units2)
+                // NB: Also returns `None` if either is NaN
+                (*size1 == *size2).then(|| units1.cmp(units2))
             }
-            _ => panic!("Cannot compare different types of AssetCapacity ({self:?} and {other:?})"),
+            _ => None,
         }
     }
 }
