From 379b18bb0ab07e8f7ba04ca29ba52a1817cec1ce Mon Sep 17 00:00:00 2001 From: pommicket Date: Sat, 25 Feb 2023 11:05:21 -0500 Subject: [PATCH 1/2] Use checked_add in VecDeque::append for ZSTs to avoid overflow --- library/alloc/src/collections/vec_deque/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/alloc/src/collections/vec_deque/mod.rs b/library/alloc/src/collections/vec_deque/mod.rs index 1573b3d77dc..d08c372cd7d 100644 --- a/library/alloc/src/collections/vec_deque/mod.rs +++ b/library/alloc/src/collections/vec_deque/mod.rs @@ -1917,7 +1917,7 @@ impl VecDeque { #[stable(feature = "append", since = "1.4.0")] pub fn append(&mut self, other: &mut Self) { if T::IS_ZST { - self.len += other.len; + self.len = self.len.checked_add(other.len).expect("capacity overflow"); other.len = 0; other.head = 0; return; From 12f959ba39ad353ce07971aaf8cef564f86b068d Mon Sep 17 00:00:00 2001 From: pommicket Date: Sat, 25 Feb 2023 13:50:56 -0500 Subject: [PATCH 2/2] Add test for VecDeque::append ZST capacity overflow --- library/alloc/tests/vec_deque.rs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/alloc/tests/vec_deque.rs b/library/alloc/tests/vec_deque.rs index 0b8f5281b78..5a0b852e8d5 100644 --- a/library/alloc/tests/vec_deque.rs +++ b/library/alloc/tests/vec_deque.rs @@ -1045,6 +1045,20 @@ fn test_append_double_drop() { assert_eq!(count_b, 1); } +#[test] +#[should_panic] +fn test_append_zst_capacity_overflow() { + let mut v = Vec::with_capacity(usize::MAX); + // note: using resize instead of set_len here would + // be *extremely* slow in unoptimized builds. + // SAFETY: `v` has capacity `usize::MAX`, and no initialization + // is needed for empty tuples. + unsafe { v.set_len(usize::MAX) }; + let mut v = VecDeque::from(v); + let mut w = vec![()].into(); + v.append(&mut w); +} + #[test] fn test_retain() { let mut buf = VecDeque::new();