|
| 1 | +From d0293b0e35838123c51ca5dfdf468ecafee4398f Mon Sep 17 00:00:00 2001 |
| 2 | +From: Alice Ryhl <aliceryhl@google.com> |
| 3 | +Date: Tue, 3 Feb 2026 14:40:22 +0100 |
| 4 | +Subject: [PATCH] Merge commit from fork |
| 5 | + |
| 6 | +* Add repro for integer overflow |
| 7 | + |
| 8 | +Signed-off-by: Alice Ryhl <aliceryhl@google.com> |
| 9 | + |
| 10 | +* Always check overflow in new_cap + offset |
| 11 | + |
| 12 | +Signed-off-by: Alice Ryhl <aliceryhl@google.com> |
| 13 | + |
| 14 | +--------- |
| 15 | + |
| 16 | +Signed-off-by: Alice Ryhl <aliceryhl@google.com> |
| 17 | + |
| 18 | +Upstream Patch Reference: https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f.patch |
| 19 | +--- |
| 20 | + .../vendor/bytes/.cargo-checksum.json | 2 +- |
| 21 | + azl-compliance/vendor/bytes/ci/miri.sh | 3 +++ |
| 22 | + azl-compliance/vendor/bytes/src/bytes_mut.rs | 20 ++++++++++--------- |
| 23 | + .../vendor/bytes/tests/test_bytes.rs | 13 ++++++++++++ |
| 24 | + 4 files changed, 28 insertions(+), 10 deletions(-) |
| 25 | + |
| 26 | +diff --git a/azl-compliance/vendor/bytes/.cargo-checksum.json b/azl-compliance/vendor/bytes/.cargo-checksum.json |
| 27 | +index b484945..ac7ab16 100644 |
| 28 | +--- a/azl-compliance/vendor/bytes/.cargo-checksum.json |
| 29 | ++++ b/azl-compliance/vendor/bytes/.cargo-checksum.json |
| 30 | +@@ -1 +1 @@ |
| 31 | +-{"files":{"CHANGELOG.md":"84942cc0550e088aaaa1ddc18ba6ebd5c8e16f67be301923068e2448d3487dc9","Cargo.toml":"ff6380f46c7f9dfe722478b9e0d85588776fa8c00d0bcdc411e9aa2a2153e2ab","LICENSE":"45f522cacecb1023856e46df79ca625dfc550c94910078bd8aec6e02880b3d42","README.md":"c1b2b54999d4829f9f64fb41cbdf05a72d565be0dd078a8633d34631147498a1","SECURITY.md":"a3335079977c2f13bad59e323fdc1056bdae5adfe55f18d15ac2c930d741828c","benches/buf.rs":"72e6b6120b52d568da068f17c66a793d65602e400c595778581b63092e41d8dc","benches/bytes.rs":"f8cc255be7e8afedf6ade95cd529d105c537c5ec51110d46d470a26b497afa05","benches/bytes_mut.rs":"1326fe6224b26826228e02b4133151e756f38152c2d9cfe66adf83af76c3ec98","ci/miri.sh":"1ee54575b55a0e495e52ca1a934beed674bc8f375f03c4cfc3e81d221ec4fe98","ci/test-stable.sh":"b21b9265d8d65c1f3d50c64e40d41c66a870d897325119d1f78d601727bbb562","ci/tsan.sh":"466b86b19225dd26c756cf2252cb1973f87a145642c99364b462ed7ceb55c7dd","clippy.toml":"8522f448dfa3b33ac334ce47d233ebb6b58e8ae115e45107a64fc1b4510fe560","src/buf/buf_impl.rs":"21b9394ae2def1434173174af15d572934643f7d9ace88b7601490ecc9e3a761","src/buf/buf_mut.rs":"96ba9440008b744de8fbffe9c271c383b7f86100984941c6b081d265bc6ef34c","src/buf/chain.rs":"c933958f04c4ecd39a18db34c04ea51cc601180d43ee6924fed2fb44b96fe8c7","src/buf/iter.rs":"d4dca5b7f9b1cb441f22ac1862e28b10086721879163a810955aefb5cd7f3e58","src/buf/limit.rs":"e005ba140b70f68654877c96b981a220477e415ff5c92438c1b0cb9bc866d872","src/buf/mod.rs":"3f60295316d44b510b942abb31a0d975ae488bd4b52c87f5252d73f88f82715a","src/buf/reader.rs":"cda8bc221a1de06c7395d5c6e80f8a5924198eafbc2decc0909082ce8781d789","src/buf/take.rs":"ce7f4644986797dae3e6bdaa8f65c8ff0a9b0d4b80f749c735ed4777b96dcb2c","src/buf/uninit_slice.rs":"ce0029ebe6fd76617a457676e581c756d6026bb02b9c24718286668b962c23a1","src/buf/vec_deque.rs":"8d552c26ac6ce28a471f74c388e4749432e86b1d8f5a9759b9fc32a2549d395f","src/buf/writer.rs":"7589e9ea054d01d133b230130113a2de20b4f221a5e5c754809b583052601ea2","src/bytes.rs":"f7b1e4524e01a4514c
0e0f879e1ab9e5d23e2bb0892bc43a5cee08ef2d53b368","src/bytes_mut.rs":"5b8f4af23b03d1586eaa0a7b3b10f112c5c8995f1ab458c23dea842298c3cafe","src/fmt/debug.rs":"97b23cfa1d2701fa187005421302eeb260e635cd4f9a9e02b044ff89fcc8b8ad","src/fmt/hex.rs":"13755ec6f1b79923e1f1a05c51b179a38c03c40bb8ed2db0210e8901812e61e7","src/fmt/mod.rs":"176da4e359da99b8e5cf16e480cb7b978f574876827f1b9bb9c08da4d74ac0f5","src/lib.rs":"ec51841d3e7caaa05e503f217aec405c56a0a9185ab9e0df1d335da9af71ad58","src/loom.rs":"eb3f577d8cce39a84155c241c4dc308f024631f02085833f7fe9f0ea817bcea9","src/serde.rs":"3ecd7e828cd4c2b7db93c807cb1548fad209e674df493edf7cda69a7b04d405d","tests/test_buf.rs":"a7be350258f0433cfb9ba9e4583d6bb356c964ac34a781f586fd78fbd2c4bb02","tests/test_buf_mut.rs":"3e6a12a4f546dbf1a0e1346ab2b7ff707fdaf01a06b21714ca64b141484a76c3","tests/test_bytes.rs":"be820ef74daef8c15aeb80aa94bddd2140c525f0f194b7179b5e56da1781d522","tests/test_bytes_odd_alloc.rs":"aeb7a86bf8b31f67b6f453399f3649e0d3878247debc1325d98e66201b1da15f","tests/test_bytes_vec_alloc.rs":"dd7e3c3a71abcfdcad7e3b2f52a6bd106ad6ea0d4bc634372e81dae097233cf0","tests/test_chain.rs":"e9f094539bb42b3135f50033c44122a6b44cf0f953e51e8b488f43243f1e7f10","tests/test_debug.rs":"13299107172809e8cbbd823964ac9450cd0d6b6de79f2e6a2e0f44b9225a0593","tests/test_iter.rs":"c1f46823df26a90139645fd8728a03138edd95b2849dfec830452a80ddd9726d","tests/test_reader.rs":"bf83669d4e0960dad6aa47b46a9a454814fab626eb83572aba914c3d71618f43","tests/test_serde.rs":"2691f891796ba259de0ecf926de05c514f4912cc5fcd3e6a1591efbcd23ed4d0","tests/test_take.rs":"db01bf6855097f318336e90d12c0725a92cee426d330e477a6bd1d32dac34a27"},"package":"514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9"} |
| 32 | +\ No newline at end of file |
| 33 | ++{"files":{"CHANGELOG.md":"84942cc0550e088aaaa1ddc18ba6ebd5c8e16f67be301923068e2448d3487dc9","Cargo.toml":"ff6380f46c7f9dfe722478b9e0d85588776fa8c00d0bcdc411e9aa2a2153e2ab","LICENSE":"45f522cacecb1023856e46df79ca625dfc550c94910078bd8aec6e02880b3d42","README.md":"c1b2b54999d4829f9f64fb41cbdf05a72d565be0dd078a8633d34631147498a1","SECURITY.md":"a3335079977c2f13bad59e323fdc1056bdae5adfe55f18d15ac2c930d741828c","benches/buf.rs":"72e6b6120b52d568da068f17c66a793d65602e400c595778581b63092e41d8dc","benches/bytes.rs":"f8cc255be7e8afedf6ade95cd529d105c537c5ec51110d46d470a26b497afa05","benches/bytes_mut.rs":"1326fe6224b26826228e02b4133151e756f38152c2d9cfe66adf83af76c3ec98","ci/miri.sh":"b74d80448f1631b76521be77553eff3eba70d516c218fd6994e201034d7fe175","ci/test-stable.sh":"b21b9265d8d65c1f3d50c64e40d41c66a870d897325119d1f78d601727bbb562","ci/tsan.sh":"466b86b19225dd26c756cf2252cb1973f87a145642c99364b462ed7ceb55c7dd","clippy.toml":"8522f448dfa3b33ac334ce47d233ebb6b58e8ae115e45107a64fc1b4510fe560","src/buf/buf_impl.rs":"21b9394ae2def1434173174af15d572934643f7d9ace88b7601490ecc9e3a761","src/buf/buf_mut.rs":"96ba9440008b744de8fbffe9c271c383b7f86100984941c6b081d265bc6ef34c","src/buf/chain.rs":"c933958f04c4ecd39a18db34c04ea51cc601180d43ee6924fed2fb44b96fe8c7","src/buf/iter.rs":"d4dca5b7f9b1cb441f22ac1862e28b10086721879163a810955aefb5cd7f3e58","src/buf/limit.rs":"e005ba140b70f68654877c96b981a220477e415ff5c92438c1b0cb9bc866d872","src/buf/mod.rs":"3f60295316d44b510b942abb31a0d975ae488bd4b52c87f5252d73f88f82715a","src/buf/reader.rs":"cda8bc221a1de06c7395d5c6e80f8a5924198eafbc2decc0909082ce8781d789","src/buf/take.rs":"ce7f4644986797dae3e6bdaa8f65c8ff0a9b0d4b80f749c735ed4777b96dcb2c","src/buf/uninit_slice.rs":"ce0029ebe6fd76617a457676e581c756d6026bb02b9c24718286668b962c23a1","src/buf/vec_deque.rs":"8d552c26ac6ce28a471f74c388e4749432e86b1d8f5a9759b9fc32a2549d395f","src/buf/writer.rs":"7589e9ea054d01d133b230130113a2de20b4f221a5e5c754809b583052601ea2","src/bytes.rs":"f7b1e4524e01a4514c
0e0f879e1ab9e5d23e2bb0892bc43a5cee08ef2d53b368","src/bytes_mut.rs":"f4be08493226096bef0c3db3d700d185d4b971d72ff420aad2ec03673c249d3c","src/fmt/debug.rs":"97b23cfa1d2701fa187005421302eeb260e635cd4f9a9e02b044ff89fcc8b8ad","src/fmt/hex.rs":"13755ec6f1b79923e1f1a05c51b179a38c03c40bb8ed2db0210e8901812e61e7","src/fmt/mod.rs":"176da4e359da99b8e5cf16e480cb7b978f574876827f1b9bb9c08da4d74ac0f5","src/lib.rs":"ec51841d3e7caaa05e503f217aec405c56a0a9185ab9e0df1d335da9af71ad58","src/loom.rs":"eb3f577d8cce39a84155c241c4dc308f024631f02085833f7fe9f0ea817bcea9","src/serde.rs":"3ecd7e828cd4c2b7db93c807cb1548fad209e674df493edf7cda69a7b04d405d","tests/test_buf.rs":"a7be350258f0433cfb9ba9e4583d6bb356c964ac34a781f586fd78fbd2c4bb02","tests/test_buf_mut.rs":"3e6a12a4f546dbf1a0e1346ab2b7ff707fdaf01a06b21714ca64b141484a76c3","tests/test_bytes.rs":"aa919af0c33c2bef50574fd24423cd902026a1b42b635e20dce21f94d0f1f75a","tests/test_bytes_odd_alloc.rs":"aeb7a86bf8b31f67b6f453399f3649e0d3878247debc1325d98e66201b1da15f","tests/test_bytes_vec_alloc.rs":"dd7e3c3a71abcfdcad7e3b2f52a6bd106ad6ea0d4bc634372e81dae097233cf0","tests/test_chain.rs":"e9f094539bb42b3135f50033c44122a6b44cf0f953e51e8b488f43243f1e7f10","tests/test_debug.rs":"13299107172809e8cbbd823964ac9450cd0d6b6de79f2e6a2e0f44b9225a0593","tests/test_iter.rs":"c1f46823df26a90139645fd8728a03138edd95b2849dfec830452a80ddd9726d","tests/test_reader.rs":"bf83669d4e0960dad6aa47b46a9a454814fab626eb83572aba914c3d71618f43","tests/test_serde.rs":"2691f891796ba259de0ecf926de05c514f4912cc5fcd3e6a1591efbcd23ed4d0","tests/test_take.rs":"db01bf6855097f318336e90d12c0725a92cee426d330e477a6bd1d32dac34a27"},"package":"514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9"} |
| 34 | +diff --git a/azl-compliance/vendor/bytes/ci/miri.sh b/azl-compliance/vendor/bytes/ci/miri.sh |
| 35 | +index 0158756..161d581 100755 |
| 36 | +--- a/azl-compliance/vendor/bytes/ci/miri.sh |
| 37 | ++++ b/azl-compliance/vendor/bytes/ci/miri.sh |
| 38 | +@@ -9,3 +9,6 @@ export MIRIFLAGS="-Zmiri-strict-provenance" |
| 39 | + |
| 40 | + cargo miri test |
| 41 | + cargo miri test --target mips64-unknown-linux-gnuabi64 |
| 42 | ++ |
| 43 | ++# run with wrapping integer overflow instead of panic |
| 44 | ++cargo miri test --release |
| 45 | +diff --git a/azl-compliance/vendor/bytes/src/bytes_mut.rs b/azl-compliance/vendor/bytes/src/bytes_mut.rs |
| 46 | +index 282aaa7..95d98ff 100644 |
| 47 | +--- a/azl-compliance/vendor/bytes/src/bytes_mut.rs |
| 48 | ++++ b/azl-compliance/vendor/bytes/src/bytes_mut.rs |
| 49 | +@@ -670,9 +670,14 @@ impl BytesMut { |
| 50 | + |
| 51 | + let offset = offset_from(self.ptr.as_ptr(), ptr); |
| 52 | + |
| 53 | ++ let new_cap_plus_offset = match new_cap.checked_add(offset) { |
| 54 | ++ Some(new_cap_plus_offset) => new_cap_plus_offset, |
| 55 | ++ None => panic!("overflow"), |
| 56 | ++ }; |
| 57 | ++ |
| 58 | + // Compare the condition in the `kind == KIND_VEC` case above |
| 59 | + // for more details. |
| 60 | +- if v_capacity >= new_cap + offset { |
| 61 | ++ if v_capacity >= new_cap_plus_offset { |
| 62 | + self.cap = new_cap; |
| 63 | + // no copy is necessary |
| 64 | + } else if v_capacity >= new_cap && offset >= len { |
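Review bot: The new `new_cap_plus_offset` binding has no comment explaining why the sum must be checked before the `v_capacity >= ...` comparison, and that ordering is the whole fix. With a wrapping add the sum can come out small, so the first branch is taken and `self.cap = new_cap` records far more capacity than the allocation holds; the added test's comment describes later writes relying on that corrupted cap. I would add above the `match`: `// Checked before the comparison: a wrapped sum would pass the capacity test and store an oversized self.cap.` As a point of style, `.expect("overflow")`, which the line removed in the next hunk used, says the same thing in one line. The enclosing function starts and ends outside this hunk.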
| 65 | +@@ -685,14 +690,11 @@ impl BytesMut { |
| 66 | + self.ptr = vptr(ptr); |
| 67 | + self.cap = v.capacity(); |
| 68 | + } else { |
| 69 | +- // calculate offset |
| 70 | +- let off = (self.ptr.as_ptr() as usize) - (v.as_ptr() as usize); |
| 71 | +- |
| 72 | + // new_cap is calculated in terms of `BytesMut`, not the underlying |
| 73 | + // `Vec`, so it does not take the offset into account. |
| 74 | + // |
| 75 | + // Thus we have to manually add it here. |
| 76 | +- new_cap = new_cap.checked_add(off).expect("overflow"); |
| 77 | ++ new_cap = new_cap_plus_offset; |
| 78 | + |
| 79 | + // The vector capacity is not sufficient. The reserve request is |
| 80 | + // asking for more than the initial buffer capacity. Allocate more |
| 81 | +@@ -714,13 +716,13 @@ impl BytesMut { |
| 82 | + // the unused capacity of the vector is copied over to the new |
| 83 | + // allocation, so we need to ensure that we don't have any data we |
| 84 | + // care about in the unused capacity before calling `reserve`. |
| 85 | +- debug_assert!(off + len <= v.capacity()); |
| 86 | +- v.set_len(off + len); |
| 87 | ++ debug_assert!(offset + len <= v.capacity()); |
| 88 | ++ v.set_len(offset + len); |
| 89 | + v.reserve(new_cap - v.len()); |
| 90 | + |
| 91 | + // Update the info |
| 92 | +- self.ptr = vptr(v.as_mut_ptr().add(off)); |
| 93 | +- self.cap = v.capacity() - off; |
| 94 | ++ self.ptr = vptr(v.as_mut_ptr().add(offset)); |
| 95 | ++ self.cap = v.capacity() - offset; |
| 96 | + } |
| 97 | + |
| 98 | + return; |
| 99 | +diff --git a/azl-compliance/vendor/bytes/tests/test_bytes.rs b/azl-compliance/vendor/bytes/tests/test_bytes.rs |
| 100 | +index 84c3d5a..ecaa916 100644 |
| 101 | +--- a/azl-compliance/vendor/bytes/tests/test_bytes.rs |
| 102 | ++++ b/azl-compliance/vendor/bytes/tests/test_bytes.rs |
| 103 | +@@ -1172,3 +1172,16 @@ fn shared_is_unique() { |
| 104 | + drop(b); |
| 105 | + assert!(c.is_unique()); |
| 106 | + } |
| 107 | ++ |
| 108 | ++#[test] |
| 109 | ++#[should_panic] |
| 110 | ++fn bytes_mut_reserve_overflow() { |
| 111 | ++ let mut a = BytesMut::from(&b"hello world"[..]); |
| 112 | ++ let mut b = a.split_off(5); |
| 113 | ++ // Ensure b becomes the unique owner of the backing storage |
| 114 | ++ drop(a); |
| 115 | ++ // Trigger overflow in new_cap + offset inside reserve |
| 116 | ++ b.reserve(usize::MAX - 6); |
| 117 | ++ // This call relies on the corrupted cap and may cause UB & HBO |
| 118 | ++ b.put_u8(b'h'); |
| 119 | ++} |
| 120 | +-- |
| 121 | +2.45.4 |
| 122 | + |