Merge pull request #774 from nox/limit-hints

Clamp hints coming from untrusted input to 4096

serde/src/bytes.rs

@@ -114,6 +114,7 @@ impl<'a> ser::Serialize for Bytes<'a> {
 
 #[cfg(any(feature = "std", feature = "collections"))]
 mod bytebuf {
+    use core::cmp;
     use core::ops;
     use core::fmt;
     use core::fmt::Write;
@@ -254,7 +255,7 @@ mod bytebuf {
         fn visit_seq<V>(self, mut visitor: V) -> Result<ByteBuf, V::Error>
             where V: de::SeqVisitor
         {
-            let (len, _) = visitor.size_hint();
+            let len = cmp::min(visitor.size_hint().0, 4096);
             let mut values = Vec::with_capacity(len);
 
             while let Some(value) = try!(visitor.visit()) {

serde/src/de/content.rs

@@ -10,6 +10,7 @@
 
 #![doc(hidden)]
 
+use core::cmp;
 use core::fmt;
 use core::marker::PhantomData;
 
@@ -197,7 +198,7 @@ impl Visitor for ContentVisitor {
     fn visit_seq<V>(self, mut visitor: V) -> Result<Self::Value, V::Error>
         where V: SeqVisitor
     {
-        let mut vec = Vec::with_capacity(visitor.size_hint().0);
+        let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
         while let Some(e) = try!(visitor.visit()) {
             vec.push(e);
         }
@@ -207,7 +208,7 @@ impl Visitor for ContentVisitor {
     fn visit_map<V>(self, mut visitor: V) -> Result<Self::Value, V::Error>
         where V: MapVisitor
     {
-        let mut vec = Vec::with_capacity(visitor.size_hint().0);
+        let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
         while let Some(kv) = try!(visitor.visit()) {
             vec.push(kv);
         }
@@ -465,7 +466,7 @@ impl<T> Visitor for TaggedContentVisitor<T>
         where V: MapVisitor
     {
         let mut tag = None;
-        let mut vec = Vec::with_capacity(visitor.size_hint().0);
+        let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
         while let Some(k) = try!(visitor.visit_key_seed(TagOrContentVisitor::new(self.tag_name))) {
             match k {
                 TagOrContent::Tag => {

serde/src/de/impls.rs

@@ -14,6 +14,8 @@ use std::collections::{HashMap, HashSet, BinaryHeap, BTreeMap, BTreeSet, LinkedL
 #[cfg(feature = "collections")]
 use collections::borrow::ToOwned;
 
+#[cfg(any(feature = "std", feature = "collections"))]
+use core::cmp;
 use core::fmt;
 #[cfg(feature = "std")]
 use core::hash::{Hash, BuildHasher};
@@ -442,7 +444,7 @@ seq_impl!(
     BinaryHeapVisitor<T: Deserialize + Ord>,
     visitor,
     BinaryHeap::new(),
-    BinaryHeap::with_capacity(visitor.size_hint().0),
+    BinaryHeap::with_capacity(cmp::min(visitor.size_hint().0, 4096)),
     BinaryHeap::push);
 
 #[cfg(any(feature = "std", feature = "collections"))]
@@ -470,7 +472,7 @@ seq_impl!(
                    S: BuildHasher + Default>,
     visitor,
     HashSet::with_hasher(S::default()),
-    HashSet::with_capacity_and_hasher(visitor.size_hint().0, S::default()),
+    HashSet::with_capacity_and_hasher(cmp::min(visitor.size_hint().0, 4096), S::default()),
     HashSet::insert);
 
 #[cfg(any(feature = "std", feature = "collections"))]
@@ -479,7 +481,7 @@ seq_impl!(
     VecVisitor<T: Deserialize>,
     visitor,
     Vec::new(),
-    Vec::with_capacity(visitor.size_hint().0),
+    Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096)),
     Vec::push);
 
 #[cfg(any(feature = "std", feature = "collections"))]
@@ -488,7 +490,7 @@ seq_impl!(
     VecDequeVisitor<T: Deserialize>,
     visitor,
     VecDeque::new(),
-    VecDeque::with_capacity(visitor.size_hint().0),
+    VecDeque::with_capacity(cmp::min(visitor.size_hint().0, 4096)),
     VecDeque::push_back);
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -766,7 +768,7 @@ map_impl!(
                    S: BuildHasher + Default>,
     visitor,
     HashMap::with_hasher(S::default()),
-    HashMap::with_capacity_and_hasher(visitor.size_hint().0, S::default()));
+    HashMap::with_capacity_and_hasher(cmp::min(visitor.size_hint().0, 4096), S::default()));
 
 ///////////////////////////////////////////////////////////////////////////////