New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reading methods are not sound w.r.t alignment #47
Comments
Could you explain a bit more about the UB? (I'm not familiar with this particular case.) I take it that asserting the length of a |
Using The pointer must be well aligned for the element type of the memory access. The typical way to do a possibly unaligned access in a well defined way is like this disclaimer: I wrote that code. But that's exactly what for example google's farmhash does in C to do a possibly unaligned load. On a platform where unaligned loads are unproblematic, the compiler generates a regular load. I don't know its performance on other platforms than x86 though, there could be better ways to do it there possibly, but this approach is at least sound.
|
If you deref a I would not even cast a |
I see, thanks for explaining and pointing to a solution. :-) That makes sense. So switching to |
This issue appeared because of me occasionally looking into byteorder code and writing my own vehicle for byte operations... |
I found this page to contain the best explanation I've seen so far: https://www.securecoding.cert.org/confluence/display/c/EXP36-C.+Do+not+cast+pointers+into+more+strictly+aligned+pointer+types |
Instead of casting pointers, we do a proper unaligned load using copy_nonoverlapping. Benchmarks appear unaffected on Linux x64.
Fixes undefined behavior reported in #47.
Fixed in #48. |
The byteorder crate is casting a u8 pointer to for example *const u64 and reading it. This requires that the pointer is well aligned for the new element type, otherwise this is UB.
The text was updated successfully, but these errors were encountered: