Fix potential vulnerability (#1)

- Implementations of Read still can try to read `buf` on `read`, even though they shouldn't - also derive Debug and Clone for GreedyAccessReader - all uses of unsafe were removed
Enet4 · Jan 3, 2021 · aabf556 · aabf556
1 parent ff2b299
commit aabf556
Showing 1 changed file with 7 additions and 18 deletions.
diff --git a/src/greedy.rs b/src/greedy.rs
@@ -15,6 +15,7 @@ use std::ops::RangeBounds;
 /// [`std::io::BufReader`]: https://doc.rust-lang.org/std/io/struct.BufReader.html
 /// [`new`]: ./struct.GreedyAccessReader.html#method.new
 /// [`with_capacity`]: ./struct.GreedyAccessReader.html#method.with_capacity
+#[derive(Debug, Clone)]
 pub struct GreedyAccessReader<R> {
     inner: R,
     buf: Vec<u8>,
@@ -197,26 +198,14 @@ where
         }
 
         let b = self.buf.len();
-        let buf = unsafe {
-            // safe because it's within the buffer's limits
-            // and we won't be reading uninitialized memory
-            std::slice::from_raw_parts_mut(
-                self.buf.as_mut_ptr().add(b),
-                self.buf.capacity() - b)
-        };
+        self.buf.resize(self.buf.capacity(), 0);
+        let buf = &mut self.buf[b..];
+        let o = self.inner.read(buf)?;
 
-        match self.inner.read(buf) {
-            Ok(o) => {
-                unsafe {
-                    // reset the size to include the written portion,
-                    // safe because the extra data is initialized
-                    self.buf.set_len(b + o);
-                }
+        // truncate to exclude non-written portion
+        self.buf.truncate(b + o);
 
-                Ok(&self.buf[self.consumed..])
-            }
-            Err(e) => Err(e),
-        }
+        Ok(&self.buf[self.consumed..])
     }
 
     fn consume(&mut self, amt: usize) {