From f28eb96700d6bd27310c74301443e0e5ae4adb19 Mon Sep 17 00:00:00 2001
From: jmestwa-coder <jmestwa@gmail.com>
Date: Sat, 4 Apr 2026 16:41:31 +0530
Subject: [PATCH] buffer bound handling in jemalloc stats callback to avoid
 unintended growth

---
 crates/aptos-admin-service/src/server/malloc.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crates/aptos-admin-service/src/server/malloc.rs b/crates/aptos-admin-service/src/server/malloc.rs
index 39e9156b8f3..e4a2289290a 100644
--- a/crates/aptos-admin-service/src/server/malloc.rs
+++ b/crates/aptos-admin-service/src/server/malloc.rs
@@ -20,8 +20,13 @@ unsafe extern "C" fn write_cb(buf: *mut c_void, s: *const c_char) {
     let out = unsafe { &mut *(buf as *mut Vec<u8>) };
     let stats_cstr = unsafe { CStr::from_ptr(s).to_bytes() };
     // We do not want any memory allocation in the callback.
-    let len = std::cmp::min(out.capacity(), stats_cstr.len());
-    out.extend_from_slice(&stats_cstr[0..len]);
+    let remaining = out.capacity().saturating_sub(out.len());
+    if remaining == 0 {
+        return;
+    }
+
+    let len = std::cmp::min(remaining, stats_cstr.len());
+    out.extend_from_slice(&stats_cstr[..len]);
 }
 
 fn get_jemalloc_stats_string(max_len: usize) -> anyhow::Result<String> {