[Bug] Panics can be caused by lying about length in certain positions.

[junderw]

Background

I am working on a project that uses a std::io::BufReader. When writing tests for edge cases, I was testing cases where weird things align in weird ways with the buffer boundary (which will cause the data to be split between two calls to fill_buf().

While testing, I tried placing the PROXY headers at various weird positions, and these are some panics I found.

Expected

Anything that causes a panic should be fixed to return an Err.

v1 header

If you parse a v1 header that is missing only the final \n then it panics. (panicked at 'assertion failed: self.remaining() >= 1', /home/jonathan/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bytes-1.1.0/src/buf/buf_impl.rs:288:9)

v2 header

Given this header 0d0a0d0a000d0a515549540a2111000f7f000001c0a80001ffff0101450000 if you cut the last 2 bytes off the end, the panic is 'range start index 3 out of range for slice of length 1', /home/jonathan/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bytes-1.1.0/src/buf/buf_impl.rs:1034:18