about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libstd/vec.rs6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libstd/vec.rs b/src/libstd/vec.rs
index 055b0b92121..c2aa4c234d1 100644
--- a/src/libstd/vec.rs
+++ b/src/libstd/vec.rs
@@ -186,7 +186,11 @@ pub fn with_capacity<T>(capacity: uint) -> ~[T] {
             vec
         } else {
             let alloc = capacity * mem::nonzero_size_of::<T>();
-            let ptr = malloc_raw(alloc + mem::size_of::<Vec<()>>()) as *mut Vec<()>;
+            let size = alloc + mem::size_of::<Vec<()>>();
+            if alloc / mem::nonzero_size_of::<T>() != capacity || size < alloc {
+                fail!("vector size is too large: {}", capacity);
+            }
+            let ptr = malloc_raw(size) as *mut Vec<()>;
             (*ptr).alloc = alloc;
             (*ptr).fill = 0;
             cast::transmute(ptr)
generated by cgit-pink 1.4.1-3-g733a5 (git 2.37.1) at 2026-04-27 22:17:54 +0000