forked/hyper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(buffer): check capacity before resizing

Browse Source 
``cmp::min(cap * 4, MAX_BUFFER_SIZE) - cap'' can underflow when
cap > MAX_BUFFER_SIZE.  cap can exceed MAX_BUFFER_SIZE because
Vec::reserve aligns to powers of two.

Discovered by Matt Howard <themdhoward@gmail.com>
This commit is contained in:
Stacey Ell
2015-05-27 08:48:19 -06:00
parent 9dc85279ac
commit b1686d1b22
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/buffer.rs
View File

@@ -67,7 +67,7 @@ impl<R: Read> BufReader<R> {
#[inline] #[inline]
fn maybe_reserve(&mut self) { fn maybe_reserve(&mut self) {
let cap = self.buf.capacity(); let cap = self.buf.capacity();
if self.cap == cap { if self.cap == cap && cap < MAX_BUFFER_SIZE {
self.buf.reserve(cmp::min(cap * 4, MAX_BUFFER_SIZE) - cap); self.buf.reserve(cmp::min(cap * 4, MAX_BUFFER_SIZE) - cap);
let new = self.buf.capacity() - self.buf.len(); let new = self.buf.capacity() - self.buf.len();
trace!("reserved {}", new); trace!("reserved {}", new);