nordic-dev.net/rust
nordic-dev.net/rust
2
0
Fork 0
mirror of https://github.com/rust-lang/rust.git synced 2024-11-22 23:04:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rollup merge of #120607 - conradludgate:fix-120603, r=dtolnay

Browse Source 
fix #120603 by adding a check in default_read_buf

Fixes #120603 by checking the returned read n is in-bounds of the cursor.

Interestingly, I noticed that `BorrowedBuf` side-steps this issue by using checked accesses. Maybe this can be switched to unchecked to mirror what BufReader does bf3c6c5bed/library/core/src/io/borrowed_buf.rs (L95)
This commit is contained in:
Matthias Krüger 2024-02-05 06:37:16 +01:00 committed by GitHub
commit d8e9ddc843
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/std/src/io/mod.rs
View File

@ -578,8 +578,13 @@ where
F: FnOnce(&mut [u8]) -> Result<usize>,
{
let n = read(cursor.ensure_init().init_mut())?;
assert!(
n <= cursor.capacity(),
"read should not return more bytes than there is capacity for in the read buffer"
);
unsafe {
// SAFETY: we initialised using `ensure_init` so there is no uninit data to advance to.
// SAFETY: we initialised using `ensure_init` so there is no uninit data to advance to
// and we have checked that the read amount is not over capacity (see #120603)
cursor.advance(n);
}
Ok(())

31
library/std/src/io/tests.rs
View File

@ -1,6 +1,6 @@
use super::{repeat, BorrowedBuf, Cursor, SeekFrom};
use crate::cmp::{self, min};
use crate::io::{self, IoSlice, IoSliceMut};
use crate::io::{self, IoSlice, IoSliceMut, DEFAULT_BUF_SIZE};
use crate::io::{BufRead, BufReader, Read, Seek, Write};
use crate::mem::MaybeUninit;
use crate::ops::Deref;
@ -652,3 +652,32 @@ fn bench_take_read_buf(b: &mut test::Bencher) {
[255; 128].take(64).read_buf(buf.unfilled()).unwrap();
});
}
// Issue #120603
#[test]
#[should_panic = "read should not return more bytes than there is capacity for in the read buffer"]
fn read_buf_broken_read() {
struct MalformedRead;
impl Read for MalformedRead {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
// broken length calculation
Ok(buf.len() + 1)
}
}
let _ = BufReader::new(MalformedRead).fill_buf();
}
#[test]
fn read_buf_full_read() {
struct FullRead;
impl Read for FullRead {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
Ok(buf.len())
}
}
assert_eq!(BufReader::new(FullRead).fill_buf().unwrap().len(), DEFAULT_BUF_SIZE);
}