author bors <bors@rust-lang.org> 2013-09-16 19:35:50 -0700
committer bors <bors@rust-lang.org> 2013-09-16 19:35:50 -0700
commit d5e9033a0d380fefb5610c97ff1048c809251bba (patch)
tree 86710ef0b5db291229c77c13263b565a412269f3 /src/libstd/rt
parent 2f96c22a21299cfe5860b0bb6fdd1af8ac500b11 (diff)
parent e211888407db32fcec53f4fa9eb84acdbdf59f87 (diff)
auto merge of #9108 : blake2-ppc/rust/hazards-on-overflow, r=alexcrichton
Fix uint overflow bugs in std::{at_vec, vec, str}

Closes #8742

Fix issue #8742, which summarized is: unsafe code in vec and str did assume
that a reservation for `X + Y` elements always succeeded, and didn't overflow.

Introduce the method `Vec::reserve_additional(n)` to make it easy to check for
overflow in `Vec::push` and `Vec::push_all`.

In std::str, simplify and remove a lot of the unsafe code and use `push_str`
instead. With improvements to `.push_str` and the new function
`vec::bytes::push_bytes`, it looks like this change has either no or positive
impact on performance.

I believe there are many places still where `v.reserve(A + B)` still can overflow.
This by itself is not an issue unless followed by (unsafe) code that steps aside
boundary checks.
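
An added illustration of the failure mode the commit message describes, written in present-day Rust rather than the 2013 API touched by this commit. It is not code from the Rust repository; the function names and the sample lengths are constructed for the example.

```rust
use std::collections::TryReserveError;

/// Capacity the old pattern `reserve(start_len + len)` ends up requesting
/// when the addition wraps instead of being checked.
fn wrapped_request(start_len: usize, len: usize) -> usize {
    start_len.wrapping_add(len)
}

/// Same sum with the overflow surfaced as `None`.
fn checked_request(start_len: usize, len: usize) -> Option<usize> {
    start_len.checked_add(len)
}

/// Grow `buf` by `len` zeroed bytes and return the old length.
/// The reservation is expressed as "additional" elements, so the
/// overflow check happens inside the vector, before the length changes.
fn grow_zeroed(buf: &mut Vec<u8>, len: usize) -> Result<usize, TryReserveError> {
    buf.try_reserve(len)?; // Err on capacity overflow; buf is left untouched
    let start_len = buf.len();
    buf.resize(start_len + len, 0); // cannot wrap: the reservation succeeded
    Ok(start_len)
}

fn main() {
    let mut buf = vec![0u8; 16];
    let hostile_len = usize::MAX - 7; // constructed input

    // 16 + (usize::MAX - 7) wraps to 8: a "successful" reservation far
    // smaller than the length unsafe code would then set.
    println!("wrapped request: {}", wrapped_request(buf.len(), hostile_len));
    println!("checked request: {:?}", checked_request(buf.len(), hostile_len));

    match grow_zeroed(&mut buf, hostile_len) {
        Ok(_) => println!("grew to {}", buf.len()),
        Err(e) => println!("rejected: {e}; len still {}", buf.len()),
    }
    println!("small grow starts at {:?}", grow_zeroed(&mut buf, 4));
}
```
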
Diffstat (limited to 'src/libstd/rt')
-rw-r--r-- src/libstd/rt/io/extensions.rs 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstd/rt/io/extensions.rs b/src/libstd/rt/io/extensions.rs
index e221f0ee94d..1c48d6e7f1e 100644
--- a/src/libstd/rt/io/extensions.rs
+++ b/src/libstd/rt/io/extensions.rs
@@ -303,7 +303,7 @@ impl<T: Reader> ReaderUtil for T {
             let start_len = buf.len();
             let mut total_read = 0;
 
-            buf.reserve_at_least(start_len + len);
+            buf.reserve_additional(len);
             vec::raw::set_len(buf, start_len + len);
 
             do (|| {
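Review bot: the unchecked `start_len + len` is still present on the line right after the change, in `vec::raw::set_len(buf, start_len + len)`, and it is only safe because `buf.reserve_additional(len)` runs first and is expected to fail on overflow. A short comment above `set_len` stating that dependency would keep the two lines from being reordered, or the reservation from being swapped back to a sum-based call, in a later edit. Separately, the length is raised to cover all `len` elements while `total_read` is still 0, so the `do (|| {` block that follows has to bring the length back down to what was actually read; that part is not visible in this hunk and is worth confirming.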