rand: Fix filling buffers 4 GiB or larger with OsRng::fill_bytes on Windows

ollie27 · ollie27 · commit ac3cc33fee5e · 2016-02-25T01:35:41.000Z
CryptGenRandom takes a DWORD (u32) for the length so it only supports
writing u32::MAX bytes at a time.

Casting the length from a usize caused truncation meaning the whole
buffer was not always filled.
diff --git a/src/libstd/sys/windows/rand.rs b/src/libstd/sys/windows/rand.rs
@@ -48,13 +48,17 @@ impl Rng for OsRng {
         unsafe { mem::transmute(v) }
     }
     fn fill_bytes(&mut self, v: &mut [u8]) {
-        let ret = unsafe {
-            c::CryptGenRandom(self.hcryptprov, v.len() as c::DWORD,
-                              v.as_mut_ptr())
-        };
-        if ret == 0 {
-            panic!("couldn't generate random bytes: {}",
-                   io::Error::last_os_error());
+        // CryptGenRandom takes a DWORD (u32) for the length so we need to
+        // split up the buffer.
+        for slice in v.chunks_mut(<c::DWORD>::max_value() as usize) {
+            let ret = unsafe {
+                c::CryptGenRandom(self.hcryptprov, slice.len() as c::DWORD,
+                                  slice.as_mut_ptr())
+            };
+            if ret == 0 {
+                panic!("couldn't generate random bytes: {}",
+                       io::Error::last_os_error());
+            }
         }
     }
 }
