From a4c738a9f326c9177aa1b7f12e1c5c1505ecc6ba Mon Sep 17 00:00:00 2001
From: Anthony Ramine <n.oxyde@gmail.com>
Date: Sun, 19 Feb 2017 14:29:41 +0100
Subject: [PATCH] Clamp hints coming from untrusted input to 4096

---
 serde/src/bytes.rs      | 3 ++-
 serde/src/de/content.rs | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/serde/src/bytes.rs b/serde/src/bytes.rs
index 8f914839..e885d3ef 100644
--- a/serde/src/bytes.rs
+++ b/serde/src/bytes.rs
@@ -114,6 +114,7 @@ impl<'a> ser::Serialize for Bytes<'a> {
 
 #[cfg(any(feature = "std", feature = "collections"))]
 mod bytebuf {
+    use core::cmp;
     use core::ops;
     use core::fmt;
     use core::fmt::Write;
@@ -252,7 +253,7 @@ mod bytebuf {
         fn visit_seq<V>(self, mut visitor: V) -> Result<ByteBuf, V::Error>
             where V: de::SeqVisitor,
         {
-            let (len, _) = visitor.size_hint();
+            let len = cmp::min(visitor.size_hint().0, 4096);
             let mut values = Vec::with_capacity(len);
 
             while let Some(value) = try!(visitor.visit()) {
diff --git a/serde/src/de/content.rs b/serde/src/de/content.rs
index fa8875c8..706bd495 100644
--- a/serde/src/de/content.rs
+++ b/serde/src/de/content.rs
@@ -10,6 +10,7 @@
 
 #![doc(hidden)]
 
+use core::cmp;
 use core::fmt;
 use core::marker::PhantomData;
 
@@ -215,7 +216,7 @@ impl<E> Visitor for ContentVisitor<E> {
     fn visit_seq<V>(self, mut visitor: V) -> Result<Self::Value, V::Error>
         where V: SeqVisitor
     {
-        let mut vec = Vec::with_capacity(visitor.size_hint().0);
+        let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
         while let Some(e) = try!(visitor.visit()) {
             vec.push(e);
         }
@@ -225,7 +226,7 @@ impl<E> Visitor for ContentVisitor<E> {
     fn visit_map<V>(self, mut visitor: V) -> Result<Self::Value, V::Error>
         where V: MapVisitor
     {
-        let mut vec = Vec::with_capacity(visitor.size_hint().0);
+        let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
         while let Some(kv) = try!(visitor.visit()) {
             vec.push(kv);
         }
@@ -489,7 +490,7 @@ impl<T, E> Visitor for TaggedContentVisitor<T, E>
         where V: MapVisitor
     {
         let mut tag = None;
-        let mut vec = Vec::with_capacity(visitor.size_hint().0);
+        let mut vec = Vec::with_capacity(cmp::min(visitor.size_hint().0, 4096));
         while let Some(k) = try!(visitor.visit_key_seed(TagOrContentVisitor::new(self.tag_name))) {
             match k {
                 TagOrContent::Tag => {