protect std::io::Take::limit from overflow in read

frank-king · frank-king · commit 64ac04567ba3 · 2022-05-29T11:44:30.000+08:00
fixs rust-lang#94981
diff --git a/library/std/src/io/mod.rs b/library/std/src/io/mod.rs
@@ -2559,6 +2559,7 @@ impl<T: Read> Read for Take<T> {
 
         let max = cmp::min(buf.len() as u64, self.limit) as usize;
         let n = self.inner.read(&mut buf[..max])?;
+        assert!(n as u64 <= self.limit, "number of read bytes exceeds limit");
         self.limit -= n as u64;
         Ok(n)
     }
diff --git a/library/std/src/io/tests.rs b/library/std/src/io/tests.rs
@@ -583,6 +583,25 @@ fn test_write_all_vectored() {
     }
 }
 
+// Issue 94981
+#[test]
+#[should_panic = "number of read bytes exceeds limit"]
+fn test_take_wrong_length() {
+    struct LieAboutSize(bool);
+
+    impl Read for LieAboutSize {
+        fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
+            // Lie about the read size at first time of read.
+            if core::mem::take(&mut self.0) { Ok(buf.len() + 1) } else { Ok(buf.len()) }
+        }
+    }
+
+    let mut buffer = vec![0; 4];
+    let mut reader = LieAboutSize(true).take(4);
+    // Primed the `Limit` by lying about the read size.
+    let _ = reader.read(&mut buffer[..]);
+}
+
 #[bench]
 fn bench_take_read(b: &mut test::Bencher) {
     b.iter(|| {

Original file line number	Diff line number	Diff line change
`@@ -2559,6 +2559,7 @@ impl<T: Read> Read for Take<T> {`
`2559`	`2559`
`2560`	`2560`	`let max = cmp::min(buf.len() as u64, self.limit) as usize;`
`2561`	`2561`	`let n = self.inner.read(&mut buf[..max])?;`
	`2562`	`+ assert!(n as u64 <= self.limit, "number of read bytes exceeds limit");`
`2562`	`2563`	`self.limit -= n as u64;`
`2563`	`2564`	`Ok(n)`
`2564`	`2565`	`}`