Skip to content

Commit

Permalink
fix(buffer): check capacity before resizing
Browse files Browse the repository at this point in the history 
``cmp::min(cap * 4, MAX_BUFFER_SIZE) - cap'' can underflow when
cap > MAX_BUFFER_SIZE.  cap can exceed MAX_BUFFER_SIZE because
Vec::reserve aligns to powers of two.

Discovered by Matt Howard <[email protected]>
  • Loading branch information
@infinityb
infinityb committed May 27, 2015
1 parent 9dc8527 commit b1686d1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/buffer.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ impl<R: Read> BufReader<R> {
#[inline]
fn maybe_reserve(&mut self) {
let cap = self.buf.capacity();
if self.cap == cap {
if self.cap == cap && cap < MAX_BUFFER_SIZE {
self.buf.reserve(cmp::min(cap * 4, MAX_BUFFER_SIZE) - cap);
let new = self.buf.capacity() - self.buf.len();
trace!("reserved {}", new);
Expand Down

0 comments on commit b1686d1

Please sign in to comment.