-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integer overflow on String::drain() with an inclusive range #72237
Comments
Since no allocation (String or otherwise) can be BTW, the same overflow is lurking in the computation of |
I've also just encountered it in |
The same bug is present in |
Nominating for discussion to see how we want to fix this (there are two or three alternatives). |
Assigning |
This was discussed during today's weekly meeting. It was decided that now is @rust-lang/libs call. Tagging again as |
also, I started a topic on the #t-libs zulip stream for this. |
Using |
I don't think |
We discussed this in the recent Libs meeting and felt that treating this case like an out-of-bounds panic was the most appropriate direction. |
This was fixed in that manner by #75207. |
I would expect this code to panic at the
drain()
becauseusize::max_value()
is an out of bounds index:Instead, it succeeds and returns an empty iterator. Looking at the implementation for
String::drain()
, I'm assuming an integer overflow happens at line 1542Included(&n) => n + 1
and the range is taken to be0..0
. Honestly, I expected the add operation itself to panic on overflow so I'm not entirely sure what the correct behaviour is here.Meta
Update: the same bug exists in
String::replace_range
.The text was updated successfully, but these errors were encountered: