Allow writes of length 0 to a full buffer

[arjantop]

First condition is not needed and just prevents 0 length writes

Fixes #15583

[alexcrichton]

Could you add a test for this as well?

[arjantop]

Yeah just remembered, working on that

[bluss]

You'd write buf.len() > max_size - self.pos to be safe against overflow. I'm not sure if the surrounding code is written with that in mind, or if it matters, though.

(re-post comment from changed diff to here)

[arjantop]

Added test and changed condition to @blake2-ppc suggestion

[arjantop]

Looks like there ia a problem with a @blake2-ppc suggestion because seeking beyond end of buffer is allowed and all the lengths are unsigned.

[bluss]

True, I'm sorry for that; the conditional needs an invariant that Seek doesn't keep in place. The fact remains that the original condition is an "overflow trigger", a pattern that usually has an overflow problem.

In the past I fixed a lot of overflow problems with vectors -- Rust code would write overflowing calculations and head directly into unsafe code with those invalid values (allowing crashes or arbitrary memory clobbering). Since there's always a risk that later changes add unsafe sections to some parts of the implementation of for example BufWriter, it remains important to think about arithmetic wraparound / overflow.

[arjantop]

That was just a statement after finding a problem until I fix it, not blaming you.

[arjantop]

That build error just travis issues? @alexcrichton

[huonw]

@arjantop probably, I just restarted it. (Also, btw, bors the integration bot ignores travis results, i.e. it will do it's thing even if the travis build fails. e.g. this PR is still in the approved section of the queue, and will probably be tested in a few hours.)