Auto merge of #238 - epilys:master, r=mbrubeck

Return allocation error in deserialize instead of panicking There's no way to catch allocation errors since out of memory errors cause an abort. Fail gracefully by returning the error instead of panicking. I happened upon this error when deserializing untrusted data with bincode. Bincode provides a byte limit bound but for sequences it's not possible to enforce this through serde since collection types like smallvec handle their own allocation.
servo · Nov 8, 2020 · c7af9e2 · c7af9e2
2 parents 28fb0f4 + d1394a0
commit c7af9e2
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/src/lib.rs b/src/lib.rs
@@ -233,6 +233,12 @@ pub enum CollectionAllocErr {
     },
 }
 
+impl fmt::Display for CollectionAllocErr {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "Allocation error: {:?}", self)
+    }
+}
+
 impl From<LayoutErr> for CollectionAllocErr {
     fn from(_: LayoutErr) -> Self {
         CollectionAllocErr::CapacityOverflow
@@ -1543,8 +1549,10 @@ where
     where
         B: SeqAccess<'de>,
     {
+        use serde::de::Error;
         let len = seq.size_hint().unwrap_or(0);
-        let mut values = SmallVec::with_capacity(len);
+        let mut values = SmallVec::new();
+        values.try_reserve(len).map_err(B::Error::custom)?;
 
         while let Some(value) = seq.next_element()? {
             values.push(value);