Skip to content

Hazards on uint overflow in std::vec #8742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bluss opened this issue Aug 25, 2013 · 4 comments
Closed

Hazards on uint overflow in std::vec #8742

bluss opened this issue Aug 25, 2013 · 4 comments

Comments

@bluss
Copy link
Member

bluss commented Aug 25, 2013

std::vec does not check for overflow properly, and it should be possible to crash Rust where uint overflow can be triggered in reserve logic (at least in 32-bit Rust).

verdict: if you unsafe {}, check for overflow.
@huonw
Copy link
Member

huonw commented Aug 25, 2013

It seems these can/should be solved by using checked_add and checked_mul as a (almost) drop-in replacement for + and *.

@bluss
Copy link
Member Author

bluss commented Aug 25, 2013

I think we should add helper methods for "reserve space for N more elements". That way we solve this problem for user code too (is it needed?)

fn reserve_space_for_more(&mut self, more: uint) {  // find me a better name and write me less silly
    let newcap = self.len().checked_add(&more).expect("reserve_space_for_more: Overflow");
    self.reserve(cmp::max(newcap, uint::next_power_of_two(newcap))
}

@bluss
Copy link
Member Author

bluss commented Aug 26, 2013

  • at_vec has overflow problems in its raw::reserve_raw too
  • possibly rt::io::extensions::push_bytes

@thestinger
Copy link
Contributor

Life would be easier if vectors were { length, capacity, *data }. It would also remove the need for OptVec.

@bluss bluss mentioned this issue Sep 11, 2013
Closed
@bors bors closed this as completed in d5e9033 Sep 17, 2013
flip1995 pushed a commit to flip1995/rust that referenced this issue May 5, 2022
@bors
Auto merge of rust-lang#8742 - goth-turtle:mistyped-literal-suffix, r…
388e6b7 
…=llogiq

mistyped_literal_suffix: improve integer suggestions, avoid wrong float suggestions

This PR fixes 2 things:
- The known problem that integer types are always suggested as signed, by suggesting an unsigned suffix for literals that wouldnt fit in the signed type, and ignores any literals too big for the corresponding unsigned type too.
- The lint would only look at the integer part of any floating point literals without an exponent, this causing rust-lang#6129. This just ignores those literals.

Examples:
```rust
let _ = 2_32; // still 2_i32
let _ = 234_8; // would now suggest 234_u8

// these are now ignored
let _ = 500_8;
let _ = 123_32.123;
```

changelog: suggest correct integer types in [`mistyped_literal_suffix`], ignore float literals without an exponent
fixes rust-lang#6129
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix uint overflow bugs in std::{at_vec, vec, str}
3 participants
@huonw @thestinger @bluss