From ce286b2519d9f98b382522466ad51015b784b661 Mon Sep 17 00:00:00 2001
From: Ty Overby
Date: Thu, 28 May 2015 16:12:46 -0700
Subject: [PATCH] fail with size limit on large maps too
---
 src/reader.rs | 8 ++++++++
 src/test.rs | 19 +++++++++++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/src/reader.rs b/src/reader.rs
index a3d8f7d..19b8aff 100644
--- a/src/reader.rs
+++ b/src/reader.rs
@@ -354,7 +354,15 @@ impl<'a, R: Read> Decoder for DecoderReader<'a, R> {
 fn read_map(&mut self, f: F) -> DecodingResult where F: FnOnce(&mut DecoderReader<'a, R>, usize) -> DecodingResult {
+ use std::mem::size_of;
+ use std::usize;
 let len = try!(self.read_usize());
+ if let SizeLimit::Bounded(x) = self.size_limit {
+ if (len > usize::MAX / size_of::()) ||
+ (len * size_of::()) as u64 > (x - self.read) {
+ return Err(DecodingError::SizeLimit)
+ }
+ }
 f(self, len)
 }
 fn read_map_elt_key(&mut self, _: usize, f: F) -> DecodingResult
diff --git a/src/test.rs b/src/test.rs
index 818e36e..28f3a64 100644
--- a/src/test.rs
+++ b/src/test.rs
@@ -335,9 +335,20 @@ fn no_oom() {
 }
 let x = encode(&FakeVec { len: 0xffffffffffffffffu64, byte: 1 }, Bounded(10)).unwrap();
- let y : Result, _> = decode_from(&mut Cursor::new(&x[..]), Bounded(10));
- match y {
- Err(DecodingError::SizeLimit) => assert!(true),
- _ => assert!(false)
+
+ {
+ let y : Result, _> = decode_from(&mut Cursor::new(&x[..]), Bounded(10));
+ match y {
+ Err(DecodingError::SizeLimit) => assert!(true),
+ _ => assert!(false)
+ }
+ }
+
+ {
+ let y : Result, _> = decode_from(&mut Cursor::new(&x[..]), Bounded(10));
+ match y {
+ Err(DecodingError::SizeLimit) => assert!(true),
+ _ => assert!(false)
+ }
 }
 }
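Review bot: The new guard in read_map does its arithmetic unchecked, so the size limit can be defeated or turned into a panic by the same input it is meant to contain. `x - self.read` is a plain u64 subtraction: if `self.read` can ever exceed the limit (not visible from this hunk), it wraps in a release build and the comparison then passes for any `len`. `usize::MAX / size_of::()` panics if the measured type is zero-sized; the type argument is stripped on this page, so which type is measured cannot be confirmed here. I would compute `let remaining = x.saturating_sub(self.read);` and replace the two-part condition with `match len.checked_mul(size_of::<ELEM>()) { Some(n) if n as u64 <= remaining => {}, _ => return Err(DecodingError::SizeLimit) }`, where `ELEM` is a placeholder for whatever type the original measures. The check is also skipped entirely for the non-`Bounded` case, which deserves a doc comment on read_map saying that an unbounded decoder trusts the length prefix.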
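Review bot: The added case in no_oom exercises only the first operand of the new read_map guard. The fixture's length is `0xffffffffffffffffu64`, which already exceeds `usize::MAX / size_of::()` for any measured size above one byte, so the product comparison against `x - self.read` is never the deciding branch. A second fixture with a moderate length (constructed example: `FakeVec { len: 1000, byte: 1 }` decoded under `Bounded(10)`) would pin that branch as well. The two new blocks read identically on this page because the type parameters are stripped, so presumably one targets the sequence type and the other the map type. `_ => assert!(false)` discards what was actually returned; `_ => panic!("expected DecodingError::SizeLimit")` would at least name the expectation in the failure output. no_oom starts above this hunk.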