From: Rob Pike <r@golang.org>
Date: Sat, 19 Sep 2015 18:39:22 +0000 (-0700)
Subject: bufio: fix overflow calculation in Scan
X-Git-Tag: go1.6beta1~1022
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=7b5af511a51e5ca4ed751c8ce4c8eb40f5292e35;p=gostls13.git

bufio: fix overflow calculation in Scan

I was being too clever, as usual. Write the obvious code to make sure
that when we grow the buffer we don't overflow.

Change-Id: I1641831177b0bb8a89ab6e9bcabccf6c2fcfe1d2
Reviewed-on: https://go-review.googlesource.com/14781
Reviewed-by: Minux Ma <minux@golang.org>
---

diff --git a/src/bufio/scan.go b/src/bufio/scan.go
index 4f06f9764f..0ec584b027 100644
--- a/src/bufio/scan.go
+++ b/src/bufio/scan.go
@@ -162,11 +162,13 @@ func (s *Scanner) Scan() bool {
 		}
 		// Is the buffer full? If so, resize.
 		if s.end == len(s.buf) {
-			if len(s.buf) >= s.maxTokenSize {
+			// Guarantee no overflow in the multiplication below.
+			const maxInt = int(^uint(0) >> 1)
+			if len(s.buf) >= s.maxTokenSize || len(s.buf) > maxInt/2 {
 				s.setErr(ErrTooLong)
 				return false
 			}
-			newSize := len(s.buf) * 2 // See protection against overflow in Buffer.
+			newSize := len(s.buf) * 2
 			if newSize == 0 {
 				newSize = startBufSize
 			}
@@ -238,12 +240,6 @@ func (s *Scanner) Buffer(buf []byte, max int) {
 		panic("Buffer called after Scan")
 	}
 	s.buf = buf[0:cap(buf)]
-	// Guarantee no overflow: we multiply len(s.buf) by two in Scan,
-	// but only if it exceeds maxTokenSize.
-	const maxInt = int(^uint(0) >> 1)
-	if max > maxInt {
-		max = maxInt
-	}
 	s.maxTokenSize = max
 }