From a1ed1842172ddbaceb0a5a428288f94e04870b3a Mon Sep 17 00:00:00 2001 From: Carter Snook Date: Sat, 16 Sep 2023 21:04:29 -0500 Subject: [PATCH 1/2] fix: overflow panics on interesting patches The `patch` function would sometimes panic when certain inputs was passed into it. This fixes the issue using the saturating arithmetic functions. --- src/patch.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/patch.rs b/src/patch.rs index 91be75e..a7f4855 100644 --- a/src/patch.rs +++ b/src/patch.rs @@ -35,7 +35,7 @@ use std::io::Read; /// /// `old` is the old file, `patch` will be read from with the patch,`new` is the buffer that will be written into. pub fn patch(old: &[u8], patch: &mut T, new: &mut Vec) -> io::Result<()> { - let mut oldpos = 0; + let mut oldpos: usize = 0; loop { // Read control data let mut buf = [0; 24]; @@ -49,7 +49,7 @@ pub fn patch(old: &[u8], patch: &mut T, new: &mut Vec) -> io::Resul let seek_len = offtin(buf[16..24].try_into().unwrap()); // Read diff string and literal data at once - let to_read = copy_len + mix_len; + let to_read = copy_len.saturating_add(mix_len); let mix_start = new.len(); let has_read = patch.take(to_read as u64).read_to_end(new)?; @@ -58,15 +58,15 @@ pub fn patch(old: &[u8], patch: &mut T, new: &mut Vec) -> io::Resul return Err(io::ErrorKind::UnexpectedEof.into()); } - let mix_slice = new.get_mut(mix_start..mix_start + mix_len).ok_or(io::ErrorKind::UnexpectedEof)?; - let old_slice = old.get(oldpos..oldpos + mix_len).ok_or(io::ErrorKind::UnexpectedEof)?; + let mix_slice = new.get_mut(mix_start..mix_start.saturating_add(mix_len)).ok_or(io::ErrorKind::UnexpectedEof)?; + let old_slice = old.get(oldpos..oldpos.saturating_add(mix_len)).ok_or(io::ErrorKind::UnexpectedEof)?; for (n, o) in mix_slice.iter_mut().zip(old_slice) { *n = n.wrapping_add(*o); } // Adjust pointers oldpos += mix_len; - oldpos = (oldpos as i64 + seek_len) as usize; + oldpos = (oldpos as i64).saturating_add(seek_len) as usize; } } From 7170c8353899b00ba448f6b8599a28e11154ada1 Mon Sep 17 00:00:00 2001 From: Carter Snook Date: Mon, 18 Sep 2023 14:14:18 -0500 Subject: [PATCH 2/2] refactor: use error for overflow Reworks the overflow handling to return an error instead of using the saturating arithmetic strategy. --- src/patch.rs | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/src/patch.rs b/src/patch.rs index a7f4855..c993638 100644 --- a/src/patch.rs +++ b/src/patch.rs @@ -49,7 +49,9 @@ pub fn patch(old: &[u8], patch: &mut T, new: &mut Vec) -> io::Resul let seek_len = offtin(buf[16..24].try_into().unwrap()); // Read diff string and literal data at once - let to_read = copy_len.saturating_add(mix_len); + let to_read = copy_len + .checked_add(mix_len) + .ok_or(io::Error::from(io::ErrorKind::InvalidData))?; let mix_start = new.len(); let has_read = patch.take(to_read as u64).read_to_end(new)?; @@ -58,15 +60,31 @@ pub fn patch(old: &[u8], patch: &mut T, new: &mut Vec) -> io::Resul return Err(io::ErrorKind::UnexpectedEof.into()); } - let mix_slice = new.get_mut(mix_start..mix_start.saturating_add(mix_len)).ok_or(io::ErrorKind::UnexpectedEof)?; - let old_slice = old.get(oldpos..oldpos.saturating_add(mix_len)).ok_or(io::ErrorKind::UnexpectedEof)?; + let mix_slice = new + .get_mut( + mix_start + ..mix_start + .checked_add(mix_len) + .ok_or(io::Error::from(io::ErrorKind::InvalidData))?, + ) + .ok_or(io::ErrorKind::UnexpectedEof)?; + let old_slice = old + .get( + oldpos + ..oldpos + .checked_add(mix_len) + .ok_or(io::Error::from(io::ErrorKind::InvalidData))?, + ) + .ok_or(io::ErrorKind::UnexpectedEof)?; for (n, o) in mix_slice.iter_mut().zip(old_slice) { *n = n.wrapping_add(*o); } // Adjust pointers oldpos += mix_len; - oldpos = (oldpos as i64).saturating_add(seek_len) as usize; + oldpos = (oldpos as i64) + .checked_add(seek_len) + .ok_or(io::Error::from(io::ErrorKind::InvalidData))? as usize; } }