From d0a2b7a7bd88f1d0990badf25663e764b520810b Mon Sep 17 00:00:00 2001
From: Ahmed Charles
Date: Mon, 26 Feb 2024 04:58:57 -0800
Subject: [PATCH] fix: invalid allocation requests
Invalid data can lead to allocating too much memory. Only preallocate up to 1024 `Value` objects.
Fixes: #115
Signed-off-by: Ahmed Charles
---
 ciborium/src/value/de.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ciborium/src/value/de.rs b/ciborium/src/value/de.rs
index 256c09c..ece9093 100644
--- a/ciborium/src/value/de.rs
+++ b/ciborium/src/value/de.rs
@@ -3,7 +3,7 @@
 use super::{Error, Integer, Value};
 use alloc::{boxed::Box, string::String, vec::Vec};
-use core::iter::Peekable;
+use core::{iter::Peekable, mem::size_of};
 use ciborium_ll::tag;
 use serde::de::{self, Deserializer as _};
@@ -124,7 +124,9 @@ impl<'de> serde::de::Visitor<'de> for Visitor {
 #[inline]
 fn visit_map>(self, mut acc: A) -> Result {
- let mut map = Vec::<(Value, Value)>::with_capacity(acc.size_hint().unwrap_or(0));
+ let mut map = Vec::<(Value, Value)>::with_capacity(
+ acc.size_hint().filter(|&l| l < 1024).unwrap_or(0),
+ );
 while let Some(kv) = acc.next_entry()? {
 map.push(kv);
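Review bot: The new `mem::size_of` import in the `use core::{...}` line has no visible use anywhere in this patch; the capacity expression in the second hunk compares against a bare `1024`. If nothing else in the file calls it, this trips `unused_imports` and fails any build that denies warnings. Either keep the line as `use core::iter::Peekable;`, or, if the cap was meant to be a byte budget rather than an element count, use `size_of::<(Value, Value)>()` in the cap expression so the import is used.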
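Review bot: In `visit_map`, `filter(|&l| l < 1024).unwrap_or(0)` discards the hint rather than clamping it, so a legitimate map declaring 1024 or more entries gets no preallocation at all. A clamp keeps the same upper bound on attacker-controlled length headers without that cliff: `acc.size_hint().map_or(0, |l| l.min(1024))`. The vector holds `(Value, Value)` pairs, so the limit is in entries, not the "1024 `Value` objects" the commit message states; a comment such as `// Cap preallocation: size_hint comes from untrusted input (entries, not bytes).` would record that. The diffstat touches only `de.rs`, so a regression test that deserializes a map header declaring a huge length over a short input would help pin the fix for #115. The body of `visit_map` continues outside the hunk, and `visit_seq` is not visible here, so it should be checked for the same pattern.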