From: Tobias Bucher
Date: Tue, 11 Sep 2018 09:44:28 +0000 (+0200)
Subject: Fix overflow in `from_raw_parts` size check
X-Git-Url: https://git.lizzy.rs/?a=commitdiff_plain;h=5d9086f12361fc1dc51d831497a9af68046eb2d1;p=rust.git

Fix overflow in `from_raw_parts` size check
---

diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs
index 7fd8e2599f9..e7e4789e09f 100644
--- a/src/libcore/slice/mod.rs
+++ b/src/libcore/slice/mod.rs
@@ -3881,7 +3881,8 @@ fn may_have_side_effect() -> bool { false }
 #[stable(feature = "rust1", since = "1.0.0")]
 pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
 debug_assert!(data as usize % mem::align_of::() == 0, "attempt to create unaligned slice");
-debug_assert!(len * mem::size_of::() < isize::MAX as usize,
+let size = mem::size_of::();
+debug_assert!(size == 0 || len < (isize::MAX as usize + size - 1) / size,
 "attempt to create slice covering half the address space");
 Repr { raw: FatPtr { data, len } }.rust
 }
@@ -3904,9 +3905,10 @@ pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
 #[stable(feature = "rust1", since = "1.0.0")]
 pub unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a mut [T] {
 debug_assert!(data as usize % mem::align_of::() == 0, "attempt to create unaligned slice");
-debug_assert!(len * mem::size_of::() < isize::MAX as usize,
+let size = mem::size_of::();
+debug_assert!(size == 0 || len < (isize::MAX as usize + size - 1) / size,
 "attempt to create slice covering half the address space");
-Repr { raw: FatPtr { data, len} }.rust_mut
+Repr { raw: FatPtr { data, len } }.rust_mut
 }
 /// Converts a reference to T into a slice of length 1 (without copying).
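Review bot: The rewritten bound `len < (isize::MAX as usize + size - 1) / size` in the `from_raw_parts` hunk carries no comment saying why it is equivalent to the old `len * size < isize::MAX` or why the addition itself cannot overflow, and a reader auditing this unsafe entry point should not have to re-derive that. I would put above the assert: `// Same as len * size < isize::MAX, i.e. len < ceil(isize::MAX / size), but without the product overflowing; the sum cannot overflow since a type's size never exceeds isize::MAX.` The identical expression is now duplicated in the `from_raw_parts_mut` hunk, and the stray `len}` this commit tidies shows the two copies already drift, so a small private helper such as `fn len_fits(len: usize, size: usize) -> bool` that both assertions call would keep them in step. Note also that `<` keeps the check one element stricter than the "no larger than isize::MAX" total-size limit the function's docs state, if I read them correctly; that is pre-existing, but worth deciding deliberately now that the condition is being rewritten.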