diff options
| author | bors <bors@rust-lang.org> | 2013-11-11 08:56:18 -0800 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2013-11-11 08:56:18 -0800 |
| commit | 4d9b95fada7c97ac1c63099bab1d45ba120958ec (patch) | |
| tree | eb5403a0e63e24a12bd2bc9590e386afaccbd3d2 | |
| parent | 4059b5c4b3b8a57a645982b0770d25f0283dfb06 (diff) | |
| parent | a46b2b8e7aafd23a4d3850d4de6653e363fd0813 (diff) | |
| download | rust-4d9b95fada7c97ac1c63099bab1d45ba120958ec.tar.gz rust-4d9b95fada7c97ac1c63099bab1d45ba120958ec.zip | |
auto merge of #10417 : cmr/rust/vec_overflow, r=huonw
Fixes #10271
| -rw-r--r-- | src/libstd/vec.rs | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libstd/vec.rs b/src/libstd/vec.rs index 055b0b92121..c2aa4c234d1 100644 --- a/src/libstd/vec.rs +++ b/src/libstd/vec.rs @@ -186,7 +186,11 @@ pub fn with_capacity<T>(capacity: uint) -> ~[T] { vec } else { let alloc = capacity * mem::nonzero_size_of::<T>(); - let ptr = malloc_raw(alloc + mem::size_of::<Vec<()>>()) as *mut Vec<()>; + let size = alloc + mem::size_of::<Vec<()>>(); + if alloc / mem::nonzero_size_of::<T>() != capacity || size < alloc { + fail!("vector size is too large: {}", capacity); + } + let ptr = malloc_raw(size) as *mut Vec<()>; (*ptr).alloc = alloc; (*ptr).fill = 0; cast::transmute(ptr) |