diff options
| author | Colin Baumgarten <colin.baumgarten@gmail.com> | 2022-10-01 00:40:59 +0200 |
|---|---|---|
| committer | Colin Baumgarten <colin.baumgarten@gmail.com> | 2022-10-01 01:05:01 +0200 |
| commit | b9e85bf60ab4376a321f03078c06cd95ea5143ef (patch) | |
| tree | d5e0b17555b953ef234b34452d8f3a601e0b8323 /compiler/rustc_parse_format | |
| parent | 75d3027fb5ce1af6712e4503c9574802212101bd (diff) | |
| download | rust-b9e85bf60ab4376a321f03078c06cd95ea5143ef.tar.gz rust-b9e85bf60ab4376a321f03078c06cd95ea5143ef.zip | |
Detect and reject out-of-range integers in format string literals
Until now out-of-range integers in format string literals were silently ignored. They wrapped around to zero at usize::MAX, producing unexpected results. When using debug builds of rustc, such integers in format string literals even cause an 'attempt to add with overflow' panic in rustc. Fix this by producing an error diagnostic for integers in format string literals which do not fit into usize. Fixes #102528
Diffstat (limited to 'compiler/rustc_parse_format')
| -rw-r--r-- | compiler/rustc_parse_format/src/lib.rs | 28 | ||||
| -rw-r--r-- | compiler/rustc_parse_format/src/tests.rs | 15 |
2 files changed, 39 insertions, 4 deletions
diff --git a/compiler/rustc_parse_format/src/lib.rs b/compiler/rustc_parse_format/src/lib.rs index df22d79f82e..1394993abad 100644 --- a/compiler/rustc_parse_format/src/lib.rs +++ b/compiler/rustc_parse_format/src/lib.rs @@ -740,20 +740,40 @@ impl<'a> Parser<'a> { word } - /// Optionally parses an integer at the current position. This doesn't deal - /// with overflow at all, it's just accumulating digits. fn integer(&mut self) -> Option<usize> { - let mut cur = 0; + let mut cur: usize = 0; let mut found = false; + let mut overflow = false; + let start = self.current_pos(); while let Some(&(_, c)) = self.cur.peek() { if let Some(i) = c.to_digit(10) { - cur = cur * 10 + i as usize; + let (tmp, mul_overflow) = cur.overflowing_mul(10); + let (tmp, add_overflow) = tmp.overflowing_add(i as usize); + if mul_overflow || add_overflow { + overflow = true; + } + cur = tmp; found = true; self.cur.next(); } else { break; } } + + if overflow { + let end = self.current_pos(); + let overflowed_int = &self.input[start..end]; + self.err( + format!( + "integer `{}` does not fit into the type `usize` whose range is `0..={}`", + overflowed_int, + usize::MAX + ), + "integer out of range for `usize`", + self.span(start, end), + ); + } + if found { Some(cur) } else { None } } diff --git a/compiler/rustc_parse_format/src/tests.rs b/compiler/rustc_parse_format/src/tests.rs index 2f8c229c68f..3f9cb149b53 100644 --- a/compiler/rustc_parse_format/src/tests.rs +++ b/compiler/rustc_parse_format/src/tests.rs @@ -58,6 +58,21 @@ fn invalid06() { } #[test] +fn invalid_position() { + musterr("{18446744073709551616}"); +} + +#[test] +fn invalid_width() { + musterr("{:18446744073709551616}"); +} + +#[test] +fn invalid_precision() { + musterr("{:.18446744073709551616}"); +} + +#[test] fn format_nothing() { same( "{}", |