Add an overflow check in truncate implementation for Unix.

rust-lang · Aug 6, 2019 · 3cd9f3f · 3cd9f3f
1 parent 188ab5c
commit 3cd9f3f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/src/libstd/fs.rs b/src/libstd/fs.rs
@@ -468,6 +468,8 @@ impl File {
     /// # Errors
     ///
     /// This function will return an error if the file is not opened for writing.
+    /// Also, std::io::ErrorKind::InvalidInput will be returned if the desired
+    /// length would cause an overflow due to the implementation specifics.
     ///
     /// # Examples
     ///

diff --git a/src/libstd/sys/unix/fs.rs b/src/libstd/sys/unix/fs.rs
@@ -1,5 +1,6 @@
 use crate::os::unix::prelude::*;
 
+use crate::convert::TryInto;
 use crate::ffi::{CString, CStr, OsString, OsStr};
 use crate::fmt;
 use crate::io::{self, Error, ErrorKind, SeekFrom, IoSlice, IoSliceMut};
@@ -554,9 +555,14 @@ impl File {
         return crate::sys::android::ftruncate64(self.0.raw(), size);
 
         #[cfg(not(target_os = "android"))]
-        return cvt_r(|| unsafe {
-            ftruncate64(self.0.raw(), size as off64_t)
-        }).map(|_| ());
+        {
+            let size: off64_t = size
+                .try_into()
+                .map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
+            cvt_r(|| unsafe {
+                ftruncate64(self.0.raw(), size)
+            }).map(|_| ())
+        }
     }
 
     pub fn read(&self, buf: &mut [u8]) -> io::Result<usize> {