From a46b2b8e7aafd23a4d3850d4de6653e363fd0813 Mon Sep 17 00:00:00 2001
From: Corey Richardson
Date: Mon, 11 Nov 2013 05:45:30 -0500
Subject: [PATCH] vec: with_capacity: check for overflow

Fixes #10271
---
 src/libstd/vec.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libstd/vec.rs b/src/libstd/vec.rs
index 055b0b92121af..c2aa4c234d1b7 100644
--- a/src/libstd/vec.rs
+++ b/src/libstd/vec.rs
@@ -186,7 +186,11 @@ pub fn with_capacity(capacity: uint) -> ~[T] {
 vec
 } else {
 let alloc = capacity * mem::nonzero_size_of::();
- let ptr = malloc_raw(alloc + mem::size_of::>()) as *mut Vec<()>;
+ let size = alloc + mem::size_of::>();
+ if alloc / mem::nonzero_size_of::() != capacity || size < alloc {
+ fail!("vector size is too large: {}", capacity);
+ }
+ let ptr = malloc_raw(size) as *mut Vec<()>;
 (*ptr).alloc = alloc;
 (*ptr).fill = 0;
 cast::transmute(ptr)
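Review bot: The new guard in `with_capacity` lands without a regression test or a comment saying what each arm protects; the diffstat shows only src/libstd/vec.rs touched. The two arms cover different failures: if the `capacity * nonzero_size_of` product wraps, the vector silently gets a smaller capacity than requested, whereas if only the header addition wraps, `malloc_raw` would be asked for fewer bytes than `(*ptr).alloc` then records, and that second case is the memory-safety one. I would add `// alloc wrapped: capacity shrinks silently; size wrapped: allocation smaller than the recorded alloc` above the `if`, and a should-fail test that requests a capacity near the maximum `uint` for a multi-byte element type. The division check also relies on the divisor never being zero, which the helper's name suggests but the hunk does not show, so that assumption is worth a word in the comment. `with_capacity` starts before this hunk and continues past it, so any sibling growth path that computes the same product is not visible here and should be checked for the same guard.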