From 06ef77bfef45b3eb01ab4c3ceb0fa30186de4ea0 Mon Sep 17 00:00:00 2001
From: Christian Poveda <christianpoveda@protonmail.com>
Date: Mon, 28 Oct 2019 16:44:18 -0500
Subject: [PATCH] Check for usize to i64 overflows

---
 src/shims/fs.rs | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/shims/fs.rs b/src/shims/fs.rs
index e8c42eb9a301..2710cbacb021 100644
--- a/src/shims/fs.rs
+++ b/src/shims/fs.rs
@@ -176,12 +176,18 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         if let Some(handle) = this.machine.file_handler.handles.get_mut(&fd) {
             // We want to read at most `count` bytes
             let mut bytes = vec![0; count as usize];
-            let result = handle.file.read(&mut bytes).map(|c| c as i64);
-            // If reading to `bytes` did not fail, we write those bytes to the buffer.
-            if result.is_ok() {
-                this.memory.write_bytes(buf, bytes)?;
+            let result = handle.file.read(&mut bytes);
+
+            if let Ok(c) = result {
+                // Check that we read less than `i64::MAX` bytes.
+                if c > (i64::max_value() as usize) {
+                    throw_unsup_format!("Number of read bytes {} is larger than the maximum value", c);
+                }
+                // If reading to `bytes` did not fail, we write those bytes to the buffer.
+                this.memory.write_bytes(buf, bytes)?
             }
-            this.try_unwrap_io_result(result)
+
+            this.try_unwrap_io_result(result.map(|c| c as i64))
         } else {
             this.handle_not_found()
         }
@@ -207,8 +213,16 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
 
         if let Some(handle) = this.machine.file_handler.handles.get_mut(&fd) {
             let bytes = this.memory.read_bytes(buf, Size::from_bytes(count))?;
-            let result = handle.file.write(&bytes).map(|c| c as i64);
-            this.try_unwrap_io_result(result)
+            let result = handle.file.write(&bytes);
+
+            if let Ok(c) = result {
+                // Check that we wrote less than `i64::MAX` bytes.
+                if c > (i64::max_value() as usize) {
+                    throw_unsup_format!("Number of written bytes {} is larger than the maximum value", c);
+                }
+            }
+
+            this.try_unwrap_io_result(result.map(|c| c as i64))
         } else {
             this.handle_not_found()
         }