Merge pull request #42 from jmesmon/fix-oom

check the size of seqs before trying to decode them
2015-05-28 16:09:20 -07:00 · 2015-05-28 16:09:20 -07:00 · 1c3f457cf9
parent 84b5c416ca ee0dccbd02
commit 1c3f457cf9
2 changed files with 26 additions and 0 deletions
--- a/src/reader.rs
+++ b/src/reader.rs
@ -335,7 +335,15 @@ impl<'a, R: Read> Decoder for DecoderReader<'a, R> {
    fn read_seq<T, F>(&mut self, f: F) -> DecodingResult<T>
        where F: FnOnce(&mut DecoderReader<'a, R>, usize) -> DecodingResult<T>
    {
+        use std::mem::size_of;
+        use std::usize;
        let len = try!(self.read_usize());
+        if let SizeLimit::Bounded(x) = self.size_limit {
+            if (len > usize::MAX / size_of::<T>()) ||
+                    (len * size_of::<T>()) as u64 > (x - self.read) {
+                return Err(DecodingError::SizeLimit)
+            }
+        }
        f(self, len)
    }
    fn read_seq_elt<T, F>(&mut self, _: usize, f: F) -> DecodingResult<T>
--- a/src/test.rs
+++ b/src/test.rs
@ -323,3 +323,21 @@ fn test_slicebox() {
 fn test_multi_strings() {
    assert!(encode(&("foo", "bar", "baz"), Infinite).is_ok());
 }
+
+#[test]
+fn no_oom() {
+    use std::io::Cursor;
+
+    #[derive(RustcEncodable)]
+    struct FakeVec {
+        len: u64,
+        byte: u8
+    }
+
+    let x = encode(&FakeVec { len: 0xffffffffffffffffu64, byte: 1 }, Bounded(10)).unwrap();
+    let y : Result<Vec<u8>, _> = decode_from(&mut Cursor::new(&x[..]), Bounded(10));
+    match y {
+        Err(DecodingError::SizeLimit) => assert!(true),
+        _ => assert!(false)
+    }
+}