Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix integer overflow in BlobVec::reserve_exact #11234

Merged
merged 1 commit into from
Jan 6, 2024

Conversation

stepancheg
Copy link
Contributor

Objective

When BlobVec::reserve is called with an argument causing capacity overflow, in release build capacity overflow is ignored, and capacity is decreased.

I'm not sure it is possible to exploit this issue using public API of bevy_ecs, but better fix it anyway.

Solution

Check for capacity overflow.

@matiqo15 matiqo15 added C-Bug An unexpected or incorrect behavior A-ECS Entities, components, systems, and events labels Jan 6, 2024
@james7132 james7132 added this pull request to the merge queue Jan 6, 2024
Merged via the queue into bevyengine:main with commit a35a151 Jan 6, 2024
25 checks passed
@stepancheg stepancheg deleted the blob-vec-cap-overflow branch January 6, 2024 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-ECS Entities, components, systems, and events C-Bug An unexpected or incorrect behavior
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants