core: panic on overflow in BorrowedCursor

Author: joboet

core/src/io/borrowed_buf.rs

@@ -249,9 +249,10 @@ impl<'a> BorrowedCursor<'a> {
     /// Panics if there are less than `n` bytes initialized.
     #[inline]
     pub fn advance(&mut self, n: usize) -> &mut Self {
-        assert!(self.buf.init >= self.buf.filled + n);
+        let filled = self.buf.filled.strict_add(n);
+        assert!(filled <= self.buf.init);
 
-        self.buf.filled += n;
+        self.buf.filled = filled;
         self
     }
 

std/src/io/tests.rs

@@ -209,6 +209,15 @@ fn read_buf_exact() {
     assert_eq!(c.read_buf_exact(buf.unfilled()).unwrap_err().kind(), io::ErrorKind::UnexpectedEof);
 }
 
+#[test]
+#[should_panic]
+fn borrowed_cursor_advance_overflow() {
+    let mut buf = [0; 512];
+    let mut buf = BorrowedBuf::from(&mut buf[..]);
+    buf.unfilled().advance(1);
+    buf.unfilled().advance(usize::MAX);
+}
+
 #[test]
 fn take_eof() {
     struct R;