| author | Matthias Krüger <matthias.krueger@famsik.de> | 2024-04-11 22:38:56 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-11 22:38:56 +0200 |
| commit | d8ae975c02f22430187ba67b18e402382222ac99 (patch) | |
| tree | 4e946cdeb1a35c6a87e499990799562dc566d18c | |
| parent | 17a8ee636f3f069861bca5895e47e91fa6a1c183 (diff) | |
| parent | 91fe6f9343a384dd7d598705a4bc4b137845dbea (diff) | |
Rollup merge of #123806 - joboet:advanced_overflow, r=Amanieu
Panic on overflow in `BorrowedCursor::advance`

Passing `usize::MAX` to `advance` clearly isn't correct, but the current assertion fails to detect this when overflow checks are disabled. This isn't unsound, but should probably be fixed regardless.
| -rw-r--r-- | library/core/src/io/borrowed_buf.rs | 5 | ||||
| -rw-r--r-- | library/std/src/io/tests.rs | 9 |
2 files changed, 12 insertions, 2 deletions
diff --git a/library/core/src/io/borrowed_buf.rs b/library/core/src/io/borrowed_buf.rs
index 778d38b1537..81371708b51 100644
--- a/library/core/src/io/borrowed_buf.rs
+++ b/library/core/src/io/borrowed_buf.rs
@@ -249,9 +249,10 @@ impl<'a> BorrowedCursor<'a> {
 /// Panics if there are less than `n` bytes initialized.
 #[inline]
 pub fn advance(&mut self, n: usize) -> &mut Self {
- assert!(self.buf.init >= self.buf.filled + n);
+ let filled = self.buf.filled.strict_add(n);
+ assert!(filled <= self.buf.init);
- self.buf.filled += n;
+ self.buf.filled = filled;
 self
 }
diff --git a/library/std/src/io/tests.rs b/library/std/src/io/tests.rs
index eb5d5988768..090a091b09a 100644
--- a/library/std/src/io/tests.rs
+++ b/library/std/src/io/tests.rs
@@ -210,6 +210,15 @@ fn read_buf_exact() {
 }
 #[test]
+#[should_panic]
+fn borrowed_cursor_advance_overflow() {
+ let mut buf = [0; 512];
+ let mut buf = BorrowedBuf::from(&mut buf[..]);
+ buf.unfilled().advance(1);
+ buf.unfilled().advance(usize::MAX);
+}
+
+#[test]
 fn take_eof() {
 struct R; |
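Review bot: The doc comment kept as context above `advance` still documents only the "less than `n` bytes initialized" panic, but the new `strict_add` line adds a second one: the method now panics whenever `filled + n` overflows `usize`, whether or not overflow checks are enabled. The panic sentence should be extended with something like "or if advancing by `n` would overflow `usize`". A one-line comment on the `strict_add` call is also worth adding, e.g. `// must panic even with overflow checks off: a wrapped sum would pass the assert and move filled backwards`, so a later cleanup does not turn it back into a plain `+`. This matters because the `filled <= init` check is presumably what lets other code treat the filled region as initialized. The enclosing `impl` block starts and ends outside the hunk.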
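Review bot: The bare `#[should_panic]` on `borrowed_cursor_advance_overflow` accepts any panic, so the test cannot tell the intended overflow panic on `advance(usize::MAX)` from an unrelated failure in the setup call `advance(1)`. It also passes against the old code whenever the test build has overflow checks enabled, so it only guards the regression in a build with them disabled. Pinning the message with `#[should_panic(expected = "...")]`, using a substring of the overflow panic text, would tie the test to the behaviour this commit adds. A short comment such as `// must panic even when overflow checks are disabled` would record why the test exists.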
