Fix crash in BufReader::peek() #137832
Merged
This patch makes BufReader::peek()'s doctest call read_more() to refill the buffer before the inner reader hits EOF. This exposes a bug in read_more() that causes an out-of-bounds slice access and segfault.
Buffer::read_more() is supposed to refill the buffer without discarding its contents, which are in the range `pos .. filled`. It mistakenly borrows the range `pos ..`, fills that, and then increments `filled` by the amount read. This overwrites the buffer's existing contents and sets `filled` to a too-large value that either exposes uninitialized bytes or walks off the end of the buffer entirely. This patch makes it correctly fill only the unfilled portion of the buffer, which should maintain all the type invariants and fix the test failure introduced in commit b119671.
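The failure mode described above, modelled in safe Rust as an added example (not code from this PR or from the standard library). `Buffer`, `read_more_buggy`, `read_more_fixed` and `run` are simplified stand-ins, and the backing store is a zero-initialized `Vec<u8>`, so the broken invariant shows up as a failed bounds check instead of undefined behaviour.

```rust
use std::io::{self, Read};

/// Simplified model of the buffer in the PR: valid bytes live in `pos..filled`.
struct Buffer { buf: Vec<u8>, pos: usize, filled: usize }

impl Buffer {
    fn with_contents(cap: usize, data: &[u8]) -> Self {
        let mut buf = vec![0u8; cap];
        buf[..data.len()].copy_from_slice(data);
        Buffer { buf, pos: 0, filled: data.len() }
    }
    /// The flaw as described: borrow `pos..`, fill it, then bump `filled`.
    fn read_more_buggy(&mut self, mut r: impl Read) -> io::Result<usize> {
        let n = r.read(&mut self.buf[self.pos..])?; // overwrites pos..filled
        self.filled += n; // can now exceed the capacity
        Ok(n)
    }
    /// The fix as described: fill only the unfilled tail `filled..`.
    fn read_more_fixed(&mut self, mut r: impl Read) -> io::Result<usize> {
        let n = r.read(&mut self.buf[self.filled..])?;
        self.filled += n;
        Ok(n)
    }
    /// The invariant the buffer relies on: pos <= filled <= capacity.
    fn invariant_holds(&self) -> bool {
        self.pos <= self.filled && self.filled <= self.buf.len()
    }
    /// Checked view of `pos..filled`; None if the range is out of bounds.
    fn contents(&self) -> Option<Vec<u8>> {
        self.buf.get(self.pos..self.filled).map(|s| s.to_vec())
    }
}

/// Partially full buffer (5 of 8 bytes) plus a non-empty inner reader.
fn run(buggy: bool) -> (bool, usize, Option<Vec<u8>>) {
    let mut b = Buffer::with_contents(8, b"abcde"); // constructed sample data
    let inner: &[u8] = b"XYZWVUT"; // constructed sample data
    let res = if buggy { b.read_more_buggy(inner) } else { b.read_more_fixed(inner) };
    res.expect("reading from a byte slice cannot fail");
    (b.invariant_holds(), b.filled, b.contents())
}

fn main() {
    println!("buggy: {:?}", run(true));
    println!("fixed: {:?}", run(false));
}
```

In the buggy run `filled` ends at 12 for an 8-byte buffer and the original `abcde` is overwritten; the fixed run appends only `XYZ` and keeps `filled` at the capacity.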
Oh wow, that's a bad bug... great catch, and thank you for the PR!
jieyouxu
added a commit
to jieyouxu/rust
that referenced
this pull request
Mar 5, 2025
Fix crash in BufReader::peek() `bufreader_peek` tracking issue: rust-lang#128405 This fixes a logic error in `Buffer::read_more()` that would make `BufReader::peek()` expose uninitialized data and/or segfault if `read_more()` was called with a partially-full buffer and a non-empty inner reader.
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 5, 2025
Rollup of 29 pull requests
Successful merges:
- rust-lang#135733 (Implement `&pin const self` and `&pin mut self` sugars)
- rust-lang#137107 (Override default `Write` methods for cursor-like types)
- rust-lang#137303 (Remove `MaybeForgetReturn` suggestion)
- rust-lang#137327 (Undeprecate env::home_dir)
- rust-lang#137358 (Match Ergonomics 2024: add context and examples to the unstable book)
- rust-lang#137534 ([rustdoc] hide item that is not marked as doc(inline) and whose src is doc(hidden))
- rust-lang#137565 (Try to point of macro expansion from resolver and method errors if it involves macro var)
- rust-lang#137612 (Update bootstrap to edition 2024)
- rust-lang#137637 (Check dyn flavor before registering upcast goal on wide pointer cast in MIR typeck)
- rust-lang#137643 (Add DWARF test case for non-C-like `repr128` enums)
- rust-lang#137685 (self-contained linker: conservatively default to `-znostart-stop-gc` on x64 linux)
- rust-lang#137744 (Re-add `Clone`-derive on `Thir`)
- rust-lang#137758 (fix usage of ty decl macro fragments in attributes)
- rust-lang#137764 (Ensure that negative auto impls are always applicable)
- rust-lang#137772 (Fix char count in `Display` for `ByteStr`)
- rust-lang#137798 (ci: use ubuntu 24 on arm large runner)
- rust-lang#137802 (miri native-call support: all previously exposed provenance is accessible to the callee)
- rust-lang#137805 (adjust Layout debug printing to match the internal field name)
- rust-lang#137808 (Do not require that unsafe fields lack drop glue)
- rust-lang#137820 (Clarify why InhabitedPredicate::instantiate_opt exists)
- rust-lang#137825 (Provide more context on resolve error caused from incorrect RTN)
- rust-lang#137827 (Add timestamp to unstable feature usage metrics)
- rust-lang#137832 (Fix crash in BufReader::peek())
- rust-lang#137910 (Improve error message for `AsyncFn` trait failure for RPIT)
- rust-lang#137920 (interpret/provenance_map: consistently use range_is_empty)
- rust-lang#138038 (Update `compiler-builtins` to 0.1.151)
- rust-lang#138046 (trim channel value in `get_closest_merge_commit`)
- rust-lang#138052 (strip `-Wlinker-messages` wrappers from `rust-lld` rmake test)
- rust-lang#138053 (Increase the max. custom try jobs requested to `20`)
r? `@ghost` `@rustbot` modify labels: rollup
workingjubilee
added a commit
to workingjubilee/rustc
that referenced
this pull request
Mar 7, 2025
Fix crash in BufReader::peek() `bufreader_peek` tracking issue: rust-lang#128405 This fixes a logic error in `Buffer::read_more()` that would make `BufReader::peek()` expose uninitialized data and/or segfault if `read_more()` was called with a partially-full buffer and a non-empty inner reader.
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 7, 2025
…kingjubilee
Rollup of 12 pull requests
Successful merges:
- rust-lang#136667 (Revert vita's c_char back to i8)
- rust-lang#136780 (std: move stdio to `sys`)
- rust-lang#137107 (Override default `Write` methods for cursor-like types)
- rust-lang#137363 (compiler: factor Windows x86-32 ABI impl into its own file)
- rust-lang#137528 (Windows: Fix error in `fs::rename` on Windows 1607)
- rust-lang#137537 (Prevent `rmake.rs` from using unstable features, and fix 3 run-make tests that currently do)
- rust-lang#137777 (Specialize `OsString::push` and `OsString as From` for UTF-8)
- rust-lang#137832 (Fix crash in BufReader::peek())
- rust-lang#137904 (Improve the generic MIR in the default `PartialOrd::le` and friends)
- rust-lang#138115 (Suggest typo fix for static lifetime)
- rust-lang#138125 (Simplify `printf` and shell format suggestions)
- rust-lang#138129 (Stabilize const_char_classify, const_sockaddr_setters)
r? `@ghost` `@rustbot` modify labels: rollup
jhpratt
added a commit
to jhpratt/rust
that referenced
this pull request
Mar 7, 2025
Fix crash in BufReader::peek() `bufreader_peek` tracking issue: rust-lang#128405 This fixes a logic error in `Buffer::read_more()` that would make `BufReader::peek()` expose uninitialized data and/or segfault if `read_more()` was called with a partially-full buffer and a non-empty inner reader.
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 7, 2025
…iaskrgr
Rollup of 8 pull requests
Successful merges:
- rust-lang#136667 (Revert vita's c_char back to i8)
- rust-lang#137107 (Override default `Write` methods for cursor-like types)
- rust-lang#137777 (Specialize `OsString::push` and `OsString as From` for UTF-8)
- rust-lang#137832 (Fix crash in BufReader::peek())
- rust-lang#137904 (Improve the generic MIR in the default `PartialOrd::le` and friends)
- rust-lang#138115 (Suggest typo fix for static lifetime)
- rust-lang#138125 (Simplify `printf` and shell format suggestions)
- rust-lang#138129 (Stabilize const_char_classify, const_sockaddr_setters)
r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 7, 2025
Rollup merge of rust-lang#137832 - wgwoods:fix-bufreader-peek, r=joboet Fix crash in BufReader::peek() `bufreader_peek` tracking issue: rust-lang#128405 This fixes a logic error in `Buffer::read_more()` that would make `BufReader::peek()` expose uninitialized data and/or segfault if `read_more()` was called with a partially-full buffer and a non-empty inner reader.
Labels
S-waiting-on-bors
Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
T-libs
Relevant to the library team, which will review and decide on the PR/issue.
`bufreader_peek` tracking issue: #128405
This fixes a logic error in `Buffer::read_more()` that would make `BufReader::peek()` expose uninitialized data and/or segfault if `read_more()` was called with a partially-full buffer and a non-empty inner reader.