I executed fuzz testing on http-0.2.9, and found some arithmetic overflow.
Please note that the overflow condition is different from #626.

```rust
pub fn with_capacity(capacity: usize) -> HeaderMap<T> {
    if capacity == 0 {
        HeaderMap {
            mask: 0,
            indices: Box::new([]), // as a ZST, this doesn't actually allocate anything
            entries: Vec::new(),
            extra_values: Vec::new(),
            danger: Danger::Green,
        }
    } else {
        let raw_cap = to_raw_capacity(capacity).next_power_of_two(); // overflow!
        assert!(raw_cap <= MAX_SIZE, "requested capacity too large");
        debug_assert!(raw_cap > 0);
        HeaderMap {
            mask: (raw_cap - 1) as Size,
            indices: vec![Pos::none(); raw_cap].into_boxed_slice(),
            entries: Vec::with_capacity(raw_cap),
            extra_values: Vec::new(),
            danger: Danger::Green,
        }
    }
}
```

Reproduce with:

```rust
HeaderMap::<u32>::with_capacity(12538021362599493900); // put some big number here
```

If you input a TOO big number to `with_capacity()`, #626 occurs before reaching `next_power_of_two()`.
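
Added example, not part of the original report and not the http crate's code: a checked version of the raw-capacity computation that rejects the reported input, next to a model of what the unchecked arithmetic yields when overflow checks are off. The function names, the `n + n / 3` growth step, the `MAX_SIZE` value and a 64-bit `usize` are assumptions.

```rust
// Added example, not the http crate's code. Assumes a 64-bit usize.
const MAX_SIZE: usize = 1 << 15; // assumed stand-in for the crate's limit

#[derive(Debug, PartialEq)]
enum CapacityError {
    LoadFactorOverflow, // n + n/3 does not fit in usize
    PowerOfTwoOverflow, // rounding up to a power of two does not fit
    TooLarge,           // fits in usize but exceeds MAX_SIZE
}

// Hypothetical checked replacement for the raw-capacity computation.
// The n + n/3 growth step is an assumption about to_raw_capacity.
fn checked_raw_cap(capacity: usize) -> Result<usize, CapacityError> {
    let raw = capacity
        .checked_add(capacity / 3)
        .ok_or(CapacityError::LoadFactorOverflow)?;
    let raw_cap = raw
        .checked_next_power_of_two()
        .ok_or(CapacityError::PowerOfTwoOverflow)?;
    if raw_cap > MAX_SIZE {
        return Err(CapacityError::TooLarge);
    }
    Ok(raw_cap)
}

// Models the same arithmetic without overflow checks: the addition wraps and
// next_power_of_two() yields 0 when the result does not fit.
fn release_mode_raw_cap(capacity: usize) -> usize {
    let raw = capacity.wrapping_add(capacity / 3);
    raw.checked_next_power_of_two().unwrap_or(0)
}

// The size assertion from with_capacity, as a predicate.
fn passes_size_assert(raw_cap: usize) -> bool {
    raw_cap <= MAX_SIZE
}

fn main() {
    let reported = 12538021362599493900usize; // value from the report
    println!("checked: {:?}", checked_raw_cap(reported));
    let wrapped = release_mode_raw_cap(reported);
    println!("wrapped: {} passes assert: {}", wrapped, passes_size_assert(wrapped));
    println!("small: {:?}", checked_raw_cap(12));
}
```

With overflow checks off, the wrapped value 0 satisfies `raw_cap <= MAX_SIZE`, so the size assertion alone does not reject the reported input; the checked path returns an error before any allocation is sized.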