Rollup merge of rust-lang#95040 - frank-king:fix/94981, r=Mark-Simulacrum

JohnTitor · web-flow · commit 0ecbcbb0ace4 · 2022-07-25T18:46:47.000+09:00
protect `std::io::Take::limit` from overflow in `read` Resolves rust-lang#94981
diff --git a/library/std/src/io/mod.rs b/library/std/src/io/mod.rs
@@ -2577,6 +2577,7 @@ impl<T: Read> Read for Take<T> {
 
         let max = cmp::min(buf.len() as u64, self.limit) as usize;
         let n = self.inner.read(&mut buf[..max])?;
+        assert!(n as u64 <= self.limit, "number of read bytes exceeds limit");
         self.limit -= n as u64;
         Ok(n)
     }
diff --git a/library/std/src/io/tests.rs b/library/std/src/io/tests.rs
@@ -583,6 +583,25 @@ fn test_write_all_vectored() {
     }
 }
 
+// Issue 94981
+#[test]
+#[should_panic = "number of read bytes exceeds limit"]
+fn test_take_wrong_length() {
+    struct LieAboutSize(bool);
+
+    impl Read for LieAboutSize {
+        fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
+            // Lie about the read size at first time of read.
+            if core::mem::take(&mut self.0) { Ok(buf.len() + 1) } else { Ok(buf.len()) }
+        }
+    }
+
+    let mut buffer = vec![0; 4];
+    let mut reader = LieAboutSize(true).take(4);
+    // Primed the `Limit` by lying about the read size.
+    let _ = reader.read(&mut buffer[..]);
+}
+
 #[bench]
 fn bench_take_read(b: &mut test::Bencher) {
     b.iter(|| {

Original file line number	Diff line number	Diff line change
`@@ -2577,6 +2577,7 @@ impl<T: Read> Read for Take<T> {`
`2577`	`2577`
`2578`	`2578`	`let max = cmp::min(buf.len() as u64, self.limit) as usize;`
`2579`	`2579`	`let n = self.inner.read(&mut buf[..max])?;`
	`2580`	`+ assert!(n as u64 <= self.limit, "number of read bytes exceeds limit");`
`2580`	`2581`	`self.limit -= n as u64;`
`2581`	`2582`	`Ok(n)`
`2582`	`2583`	`}`