Panic/memory allocation of x bytes failed with 1.3.3 version of bincode

[qarmin]

Project - ttttt.zip
Code

use std::collections::BTreeSet;
use std::fs::File;

use serde_derive::Deserialize;
use serde_derive::Serialize;

#[derive(Serialize, Deserialize, Debug, Eq, PartialEq, Hash, Ord, PartialOrd)]
pub struct DifferentHeavyStruct {
    pub st: String,
    pub path: String,
    pub another_problem: String,
    pub ss: bool,
    pub sss: bool,
    pub ssss: bool,
    pub sssss: u32,
    pub ssssss: i32,
    pub sssssss: u64,
    pub ssssssss: i64,
    pub cc: Vec<u8>,
    pub cc2: Vec<u8>,
    pub cc5: Vec<u8>,
    pub cc6: Vec<u8>,
}

#[derive(Serialize, Deserialize, Debug, Eq, PartialEq, Hash, Ord, PartialOrd)]
pub struct HeavyStruct {
    pub st: String,
    pub path: String,
    pub another_problem: String,
    pub ss: bool,
    pub sss: bool,
    pub ssss: bool,
    pub sssss: u32,
    pub ssssss: i32,
    pub sssssss: u64,
    pub ssssssss: i64,
    pub cc: Vec<u8>,
    pub cc2: Vec<u8>,
    pub cc3: Vec<u8>,
}

fn main() {
    let mut vec = Vec::new();


    for i in 0..(rand::random::<u32>() % 10 + 101) {
        for _ in 0..(rand::random::<u32>() % 1000 + 1) {
            let mut ss = Vec::new();
            for _ in 0..(rand::random::<u32>() % 20 + 1) {
                ss.push(rand::random());
            }
            vec.push(HeavyStruct {
                st: String::from("Hello"),
                path: "".to_string(),
                another_problem: "".to_string(),
                ss: rand::random(),
                sss: rand::random(),
                ssss: rand::random(),
                sssss: rand::random(),
                ssssss: rand::random(),
                sssssss: rand::random(),
                ssssssss: rand::random(),
                cc: ss.clone(),
                cc2: ss.clone(),
                cc3: ss,
            });
        }
        {
            let file_handler = File::create("test.bin").unwrap();
            bincode::serialize_into::<File, Vec<HeavyStruct>>(file_handler, &vec).unwrap();
        }
        {
            let file_handler = File::open("test.bin").unwrap();
            let r = bincode::deserialize_from::<File, BTreeSet<DifferentHeavyStruct>>(file_handler);
            if r.is_ok() {
                println!("OK");
            } else {
                println!("{r:?}");
            }
        }
    }

    println!("Hello, world!");
}

crashes with random messages

memory allocation of 3307642593290027009 bytes failed

thread 'main' panicked at library/alloc/src/raw_vec.rs:534:5:
capacity overflow
stack backtrace:
   0: rust_begin_unwind
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/std/src/panicking.rs:595:5
   1: core::panicking::panic_fmt
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/core/src/panicking.rs:67:14
   2: alloc::raw_vec::capacity_overflow
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/alloc/src/raw_vec.rs:534:5
   3: alloc::raw_vec::handle_reserve
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/alloc/src/raw_vec.rs:505:34
   4: alloc::raw_vec::RawVec<T,A>::reserve::do_reserve_and_handle
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/alloc/src/raw_vec.rs:289:13
   5: alloc::raw_vec::RawVec<T,A>::reserve
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/alloc/src/raw_vec.rs:293:13
   6: alloc::vec::Vec<T,A>::reserve
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/alloc/src/vec/mod.rs:909:18
   7: alloc::vec::Vec<T,A>::extend_with
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/alloc/src/vec/mod.rs:2477:9
   8: alloc::vec::Vec<T,A>::resize
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/alloc/src/vec/mod.rs:2359:13
   9: bincode::de::read::IoReader<R>::fill_buffer
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/read.rs:144:9
  10: <bincode::de::read::IoReader<R> as bincode::de::read::BincodeRead>::get_byte_buffer
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/read.rs:171:9
  11: bincode::de::Deserializer<R,O>::read_vec
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:96:9
  12: bincode::de::Deserializer<R,O>::read_string
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:100:19
  13: <&mut bincode::de::Deserializer<R,O> as serde::de::Deserializer>::deserialize_string
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:244:30
  14: serde::de::impls::<impl serde::de::Deserialize for alloc::string::String>::deserialize
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/impls.rs:604:9
  15: <core::marker::PhantomData<T> as serde::de::DeserializeSeed>::deserialize
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/mod.rs:794:9
  16: <<&mut bincode::de::Deserializer<R,O> as serde::de::Deserializer>::deserialize_tuple::Access<R,O> as serde::de::SeqAccess>::next_element_seed
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:314:25
  17: serde::de::SeqAccess::next_element
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/mod.rs:1726:9
  18: <ttttt::_::<impl serde::de::Deserialize for ttttt::DifferentHeavyStruct>::deserialize::__Visitor as serde::de::Visitor>::visit_seq
             at ./src/main.rs:7:21
  19: <&mut bincode::de::Deserializer<R,O> as serde::de::Deserializer>::deserialize_tuple
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:326:9
  20: <&mut bincode::de::Deserializer<R,O> as serde::de::Deserializer>::deserialize_struct
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:411:9
  21: ttttt::_::<impl serde::de::Deserialize for ttttt::DifferentHeavyStruct>::deserialize
             at ./src/main.rs:7:21
  22: <core::marker::PhantomData<T> as serde::de::DeserializeSeed>::deserialize
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/mod.rs:794:9
  23: <<&mut bincode::de::Deserializer<R,O> as serde::de::Deserializer>::deserialize_tuple::Access<R,O> as serde::de::SeqAccess>::next_element_seed
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:314:25
  24: serde::de::SeqAccess::next_element
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/mod.rs:1726:9
  25: <serde::de::impls::<impl serde::de::Deserialize for alloc::collections::btree::set::BTreeSet<T>>::deserialize::SeqVisitor<T> as serde::de::Visitor>::visit_seq
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/impls.rs:918:54
  26: <&mut bincode::de::Deserializer<R,O> as serde::de::Deserializer>::deserialize_tuple
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:326:9
  27: <&mut bincode::de::Deserializer<R,O> as serde::de::Deserializer>::deserialize_seq
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/de/mod.rs:350:9
  28: serde::de::impls::<impl serde::de::Deserialize for alloc::collections::btree::set::BTreeSet<T>>::deserialize
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/impls.rs:927:17
  29: <core::marker::PhantomData<T> as serde::de::DeserializeSeed>::deserialize
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.190/src/de/mod.rs:794:9
  30: bincode::internal::deserialize_from_custom_seed
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/internal.rs:88:5
  31: bincode::internal::deserialize_from_seed
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/internal.rs:65:5
  32: bincode::internal::deserialize_from
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/internal.rs:55:5
  33: bincode::config::Options::deserialize_from
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/config/mod.rs:229:9
  34: bincode::deserialize_from
             at /home/rafal/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bincode-1.3.3/src/lib.rs:129:5
  35: ttttt::main
             at ./src/main.rs:74:21
  36: core::ops::function::FnOnce::call_once
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

[VictorKoenders]

You serialize Vec<HeavyStruct> but you deserialize BTreeSet<DifferentHeavyStruct>. These two structs are different, bincode does not support this

[qarmin]

I know that - I wanted to find minimal code that cause panic/crash.

Crashing entire app is not right solution when trying to deserialize untrusted file, so here should be returned Err() like in similar invalid situations

[ZoeyR]

You need to configure bincode to limit its possible allocation. Refer to this documentation on how to do that https://docs.rs/bincode/latest/bincode/config/trait.Options.html#method.with_limit