From f7ab4f7869ecb37c1e2a2327b032ddfafcbcd828 Mon Sep 17 00:00:00 2001
From: Pawan Dhananjay <pawandhananjay@gmail.com>
Date: Sat, 14 Nov 2020 22:38:49 +0530
Subject: [PATCH]  misc/multiaddr: Limit initial memory allocation in visit_seq
 (#1833)

Without a limit, one can send malformed input such that seq.size_hint() returns
a very large value and crashes the program even if the following data is pretty
small.
---
 misc/multiaddr/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misc/multiaddr/src/lib.rs b/misc/multiaddr/src/lib.rs
index 60c2ff8d..41a77a32 100644
--- a/misc/multiaddr/src/lib.rs
+++ b/misc/multiaddr/src/lib.rs
@@ -346,7 +346,7 @@ impl<'de> Deserialize<'de> for Multiaddr {
                 formatter.write_str("multiaddress")
             }
             fn visit_seq<A: de::SeqAccess<'de>>(self, mut seq: A) -> StdResult<Self::Value, A::Error> {
-                let mut buf: Vec<u8> = Vec::with_capacity(seq.size_hint().unwrap_or(0));
+                let mut buf: Vec<u8> = Vec::with_capacity(std::cmp::min(seq.size_hint().unwrap_or(0), 4096));
                 while let Some(e) = seq.next_element()? { buf.push(e); }
                 if self.is_human_readable {
                     let s = String::from_utf8(buf).map_err(DeserializerError::custom)?;