diff --git a/src/rustc_serialize/reader.rs b/src/rustc_serialize/reader.rs
index d3dbfb3..1be8304 100644
--- a/src/rustc_serialize/reader.rs
+++ b/src/rustc_serialize/reader.rs
@@ -129,7 +129,10 @@ impl<'a, R: Read> DecoderReader<'a, R> {
 impl <'a, A> DecoderReader<'a, A> {
 fn read_bytes(&mut self, count: u64) -> Result<(), DecodingError> {
- self.read += count;
+ self.read = match self.read.checked_add(count) {
+ Some(read) => read,
+ None => return Err(DecodingError::SizeLimit),
+ };
 match self.size_limit {
 SizeLimit::Infinite => Ok(()),
 SizeLimit::Bounded(x) if self.read <= x => Ok(()),
@@ -342,6 +345,18 @@ impl<'a, R: Read> Decoder for DecoderReader<'a, R> {
 where F: FnOnce(&mut DecoderReader<'a, R>, usize) -> DecodingResult
 {
 let len = try!(self.read_usize());
+ match self.size_limit {
+ SizeLimit::Infinite => (),
+ SizeLimit::Bounded(x) => {
+ let overflow = match self.read.checked_add(len as u64) {
+ Some(y) => y > x,
+ None => true,
+ };
+ if overflow {
+ return Err(DecodingError::SizeLimit);
+ }
+ },
+ };
 f(self, len)
 }
 fn read_seq_elt(&mut self, _: usize, f: F) -> DecodingResult
@@ -353,6 +368,18 @@ impl<'a, R: Read> Decoder for DecoderReader<'a, R> {
 where F: FnOnce(&mut DecoderReader<'a, R>, usize) -> DecodingResult
 {
 let len = try!(self.read_usize());
+ match self.size_limit {
+ SizeLimit::Infinite => (),
+ SizeLimit::Bounded(x) => {
+ let overflow = match self.read.checked_add(len as u64) {
+ Some(y) => y > x,
+ None => true,
+ };
+ if overflow {
+ return Err(DecodingError::SizeLimit);
+ }
+ },
+ };
 f(self, len)
 }
 fn read_map_elt_key(&mut self, _: usize, f: F) -> DecodingResult
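Review bot: The overflow arm in `read_bytes` returns `DecodingError::SizeLimit` before `size_limit` is consulted, so a decoder configured with `SizeLimit::Infinite` can now report a size-limit error, and nothing in the code says this is intended. Failing closed on a wrapped counter is the right behaviour; a short comment above the new `match` would record it, for example `// A wrapped byte counter is treated as exceeding any limit, including Infinite.`. The body of `read_bytes` continues past the end of the hunk.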
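Review bot: The pre-check added after `let len = try!(self.read_usize());` compares an element count with a byte budget, so it is only a lower bound on the encoded size and not a cap on what `f` may allocate. If `f` reserves capacity for `len` elements up front (likely for collection decoders, though not visible here), elements larger than one byte can still request memory far above `x`, and under `SizeLimit::Infinite` the declared `len` is passed through unchecked. A sequence of zero-sized elements longer than the remaining budget would also be rejected although it encodes in very few bytes. I would record this above the `match` with `// Lower bound only: assumes >= 1 encoded byte per element; does not bound what f allocates.`; the same applies to the identical block in the third hunk. The function's signature line is outside the hunk.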
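Review bot: The twelve added lines here repeat the block added in the previous hunk token for token, so the two limit checks can drift apart when one of them is later adjusted. Moving the check into one private method next to `read_bytes` and calling it from both places keeps a single copy of the bound; `check_len` below is only a suggested name. The enclosing function starts before the hunk (its name is not visible; the next item is `read_map_elt_key`).

```rust
// in `impl <'a, A> DecoderReader<'a, A>`, beside read_bytes
/// Rejects a declared element count that cannot fit in the remaining byte budget.
fn check_len(&self, len: usize) -> Result<(), DecodingError> {
    match self.size_limit {
        SizeLimit::Infinite => Ok(()),
        SizeLimit::Bounded(x) => match self.read.checked_add(len as u64) {
            Some(total) if total <= x => Ok(()),
            _ => Err(DecodingError::SizeLimit),
        },
    }
}

// in both length-prefixed readers
let len = try!(self.read_usize());
try!(self.check_len(len));
f(self, len)
```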