mikros/serde
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #774 from nox/limit-hints

Browse Source 
Clamp hints coming from untrusted input to 4096
This commit is contained in:
David Tolnay 2017-02-19 13:51:21 -08:00 committed by GitHub
commit 7dad6426da
3 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
serde/src/bytes.rs
View File

@ -114,6 +114,7 @@ impl<'a> ser::Serialize for Bytes<'a> {
#[cfg(any(feature = "std", feature = "collections"))] #[cfg(any(feature = "std", feature = "collections"))]
mod bytebuf { mod bytebuf {
use core::cmp;
use core::ops; use core::ops;
use core::fmt; use core::fmt;
use core::fmt::Write; use core::fmt::Write;
@ -254,7 +255,7 @@ mod bytebuf {
fn visit_seq<V>(self, mut visitor: V) -> Result<ByteBuf, V::Error> fn visit_seq<V>(self, mut visitor: V) -> Result<ByteBuf, V::Error>
where V: de::SeqVisitor where V: de::SeqVisitor
{ {
let (len, _) = visitor.size_hint(); let len = cmp::min(visitor.size_hint().0, 4096);
let mut values = Vec::with_capacity(len); let mut values = Vec::with_capacity(len);
while let Some(value) = try!(visitor.visit()) { while let Some(value) = try!(visitor.visit()) {

7
serde/src/de/content.rs
View File

@ -10,6 +10,7 @@
#![doc(hidden)] #![doc(hidden)]
use core::cmp;
use core::fmt; use core::fmt;
use core::marker::PhantomData; use core::marker::PhantomData;
@ -197,7 +198,7 @@ impl Visitor for ContentVisitor {
fn visit_seq<V>(self, mut visitor: V) -> Result<Self::Value, V::Error> fn visit_seq<V>(self, mut visitor: V) -> Result<Self::Value, V::Error>
where V: SeqVisitor where V: SeqVisitor
{ {
let mut vec = Vec::with_capacity(visitor.size_hint().0); let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
while let Some(e) = try!(visitor.visit()) { while let Some(e) = try!(visitor.visit()) {
vec.push(e); vec.push(e);
} }
@ -207,7 +208,7 @@ impl Visitor for ContentVisitor {
fn visit_map<V>(self, mut visitor: V) -> Result<Self::Value, V::Error> fn visit_map<V>(self, mut visitor: V) -> Result<Self::Value, V::Error>
where V: MapVisitor where V: MapVisitor
{ {
let mut vec = Vec::with_capacity(visitor.size_hint().0); let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
while let Some(kv) = try!(visitor.visit()) { while let Some(kv) = try!(visitor.visit()) {
vec.push(kv); vec.push(kv);
} }
@ -465,7 +466,7 @@ impl<T> Visitor for TaggedContentVisitor<T>
where V: MapVisitor where V: MapVisitor
{ {
let mut tag = None; let mut tag = None;
let mut vec = Vec::with_capacity(visitor.size_hint().0); let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
while let Some(k) = try!(visitor.visit_key_seed(TagOrContentVisitor::new(self.tag_name))) { while let Some(k) = try!(visitor.visit_key_seed(TagOrContentVisitor::new(self.tag_name))) {
match k { match k {
TagOrContent::Tag => { TagOrContent::Tag => {

12
serde/src/de/impls.rs
View File

@ -14,6 +14,8 @@ use std::collections::{HashMap, HashSet, BinaryHeap, BTreeMap, BTreeSet, LinkedL
#[cfg(feature = "collections")] #[cfg(feature = "collections")]
use collections::borrow::ToOwned; use collections::borrow::ToOwned;
#[cfg(any(feature = "std", feature = "collections"))]
use core::cmp;
use core::fmt; use core::fmt;
#[cfg(feature = "std")] #[cfg(feature = "std")]
use core::hash::{Hash, BuildHasher}; use core::hash::{Hash, BuildHasher};
@ -442,7 +444,7 @@ seq_impl!(
BinaryHeapVisitor<T: Deserialize + Ord>, BinaryHeapVisitor<T: Deserialize + Ord>,
visitor, visitor,
BinaryHeap::new(), BinaryHeap::new(),
BinaryHeap::with_capacity(visitor.size_hint().0), BinaryHeap::with_capacity(cmp::min(visitor.size_hint().0, 4096)),
BinaryHeap::push); BinaryHeap::push);
#[cfg(any(feature = "std", feature = "collections"))] #[cfg(any(feature = "std", feature = "collections"))]
@ -470,7 +472,7 @@ seq_impl!(
S: BuildHasher + Default>, S: BuildHasher + Default>,
visitor, visitor,
HashSet::with_hasher(S::default()), HashSet::with_hasher(S::default()),
HashSet::with_capacity_and_hasher(visitor.size_hint().0, S::default()), HashSet::with_capacity_and_hasher(cmp::min(visitor.size_hint().0, 4096), S::default()),
HashSet::insert); HashSet::insert);
#[cfg(any(feature = "std", feature = "collections"))] #[cfg(any(feature = "std", feature = "collections"))]
@ -479,7 +481,7 @@ seq_impl!(
VecVisitor<T: Deserialize>, VecVisitor<T: Deserialize>,
visitor, visitor,
Vec::new(), Vec::new(),
Vec::with_capacity(visitor.size_hint().0), Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096)),
Vec::push); Vec::push);
#[cfg(any(feature = "std", feature = "collections"))] #[cfg(any(feature = "std", feature = "collections"))]
@ -488,7 +490,7 @@ seq_impl!(
VecDequeVisitor<T: Deserialize>, VecDequeVisitor<T: Deserialize>,
visitor, visitor,
VecDeque::new(), VecDeque::new(),
VecDeque::with_capacity(visitor.size_hint().0), VecDeque::with_capacity(cmp::min(visitor.size_hint().0, 4096)),
VecDeque::push_back); VecDeque::push_back);
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@ -766,7 +768,7 @@ map_impl!(
S: BuildHasher + Default>, S: BuildHasher + Default>,
visitor, visitor,
HashMap::with_hasher(S::default()), HashMap::with_hasher(S::default()),
HashMap::with_capacity_and_hasher(visitor.size_hint().0, S::default())); HashMap::with_capacity_and_hasher(cmp::min(visitor.size_hint().0, 4096), S::default()));
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////