From ee0dccbd02bbf73d1820a87f65b66834de928ed9 Mon Sep 17 00:00:00 2001
From: Cody P Schafer <dev@codyps.com>
Date: Thu, 28 May 2015 16:02:25 -0400
Subject: [PATCH] check the size of seqs before trying to decode them

Fixes #41
---
 src/reader.rs |  8 ++++++++
 src/test.rs   | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/src/reader.rs b/src/reader.rs
index e32ff94..a3d8f7d 100644
--- a/src/reader.rs
+++ b/src/reader.rs
@@ -335,7 +335,15 @@ impl<'a, R: Read> Decoder for DecoderReader<'a, R> {
     fn read_seq<T, F>(&mut self, f: F) -> DecodingResult<T>
         where F: FnOnce(&mut DecoderReader<'a, R>, usize) -> DecodingResult<T>
     {
+        use std::mem::size_of;
+        use std::usize;
         let len = try!(self.read_usize());
+        if let SizeLimit::Bounded(x) = self.size_limit {
+            if (len > usize::MAX / size_of::<T>()) ||
+                    (len * size_of::<T>()) as u64 > (x - self.read) {
+                return Err(DecodingError::SizeLimit)
+            }
+        }
         f(self, len)
     }
     fn read_seq_elt<T, F>(&mut self, _: usize, f: F) -> DecodingResult<T>
diff --git a/src/test.rs b/src/test.rs
index 67e7be9..3a74449 100644
--- a/src/test.rs
+++ b/src/test.rs
@@ -319,3 +319,21 @@ fn test_slicebox() {
 fn test_multi_strings() {
     assert!(encode(&("foo", "bar", "baz"), Infinite).is_ok());
 }
+
+#[test]
+fn no_oom() {
+    use std::io::Cursor;
+
+    #[derive(RustcEncodable)]
+    struct FakeVec {
+        len: u64,
+        byte: u8
+    }
+
+    let x = encode(&FakeVec { len: 0xffffffffffffffffu64, byte: 1 }, Bounded(10)).unwrap();
+    let y : Result<Vec<u8>, _> = decode_from(&mut Cursor::new(&x[..]), Bounded(10));
+    match y {
+        Err(DecodingError::SizeLimit) => assert!(true),
+        _ => assert!(false)
+    }
+}