
Segfault when calling string repeat with negative argument #15482

Closed
ogham opened this issue Jul 6, 2014 · 3 comments

ogham commented Jul 6, 2014

I was writing some code to pad strings, and if I pass in a negative number of spaces to add, it compiles fine but segmentation faults at runtime. The following code is enough to trigger it:

```rust
fn main() {
    "goodbye".to_string().repeat(-1);
}
```

schmee commented Jul 6, 2014

Since uint wraps around, the example above is equivalent to `"goodbye".to_string().repeat(18446744073709551615);`. The problem is in `Vec::with_capacity`. Since uint wraps around this doesn't get caught by `checked_mul` and it then tries to allocate 18446744073709551609 bytes of memory.
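
The wraparound arithmetic from the comment above, next to a padding-safe repeat that validates the count before allocating. This is an added example, not code from the issue thread or from the Rust standard library; `wrapped_request`, `checked_repeat` and `RepeatError` are hypothetical names, and a 64-bit target is assumed.

```rust
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
enum RepeatError {
    NegativeCount(i64),
    SizeOverflow,
    AllocationRefused,
}

/// Byte count the unchecked path ends up requesting: the signed count is
/// reinterpreted as unsigned and `len * count` wraps modulo 2^64.
fn wrapped_request(len: u64, count: i64) -> u64 {
    len.wrapping_mul(count as u64)
}

/// Hypothetical hardened repeat (not a std API): validate, then allocate.
fn checked_repeat(s: &str, count: i64) -> Result<String, RepeatError> {
    // A negative count is rejected instead of becoming a huge unsigned value.
    let n = usize::try_from(count).map_err(|_| RepeatError::NegativeCount(count))?;
    // The total size is computed with overflow detection.
    let total = s.len().checked_mul(n).ok_or(RepeatError::SizeOverflow)?;
    if total == 0 {
        // Empty input or zero count: nothing to build, and no long loop.
        return Ok(String::new());
    }
    // Fallible reservation reports failure instead of aborting the process.
    let mut out = String::new();
    out.try_reserve_exact(total)
        .map_err(|_| RepeatError::AllocationRefused)?;
    for _ in 0..n {
        out.push_str(s);
    }
    Ok(out)
}

fn main() {
    // "goodbye" is 7 bytes; -1 is the count from the report.
    println!("unchecked request: {} bytes", wrapped_request(7, -1));
    println!("{:?}", checked_repeat("goodbye", -1));
    println!("{:?}", checked_repeat("ab", 3));
}
```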

@thestinger

I don't think this is a bug, it's just a run of the mill out-of-memory error.

#14165 covers adding a warning for this case.

bluss commented Jul 6, 2014

It's actually a dup of #15123

bors added a commit to rust-lang-ci/rust that referenced this issue Aug 21, 2023
fix: avoid problematic serde release

serde 1.0.172 and up rely on opaque non-reproducible binary blobs to function, explicitly not providing a library-level opt-out.

This is problematic for two reasons:

- directly, unauditable binary blobs are a security issue.
- indirectly, it becomes much harder to predict future behaviors of the crate.

As such, I am willing to go out on a limb here and forbid building rust-analyzer with those versions of serde. Normally, my philosophy is to defer the choice to the end user, but it's also a design constraint of rust-analyzer that we don't run random binaries downloaded from the internet without the user's explicit consent.

Concretely, this upper-bounds serde for both rust-analyzer workspace, as well as the lsp-server lib.

See serde-rs/serde#2538 for wider context.