Mitigate misuse of Swift's pointer conversion feature #80
Put doc comments and some cleanup, otherwise LGTM
6a3f211 to d8b64ad
@swift-ci please test
d8b64ad to a63ef99
@swift-ci please test
a63ef99 to 94ca9f3
@swift-ci please test
Shame we need to add all these overloads -- can't wait to have a language-level solution.
94ca9f3 to 3a82bc8
10257a8 to 3920df7
@swift-ci please test
This is a continuation of the work done in apple/swift#42002, addressing the exact same issues.
The family of String (and FilePath) initializers that convert from C strings (null-terminated byte buffers) can be called with Swift arrays, which are converted to UnsafePointer arguments for C interoperability. However, when the array passed in to them violates the C string precondition of containing a zero byte, this can result in a buffer overflow.

This PR overloads every such initializer with a version for [CodeUnit] and inout CodeUnit, enforcing the null-terminated precondition. An overload for String is also added. The String overload may appear strictly useless, but it behaves differently than a direct copy when the source string contains an embedded null.

Addresses rdar://91436410.
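
The check described above, as an added example that is not part of this PR or the project's own code. The helper names checkedCString and truncatedAtNull are hypothetical, and reporting a missing terminator as nil (rather than trapping) is this example's choice.

```swift
// Added illustration; function names are hypothetical, not the project's API.

/// Array case: decode only up to the first zero byte. If the array holds no
/// zero byte, return nil instead of handing its storage to a C-style scan
/// that would keep reading past the end of the buffer.
func checkedCString(_ buffer: [CChar]) -> String? {
    guard let end = buffer.firstIndex(of: 0) else { return nil }
    // CChar is Int8 or UInt8 depending on platform; truncatingIfNeeded
    // reinterprets the bits either way.
    let bytes = buffer[..<end].map { UInt8(truncatingIfNeeded: $0) }
    return String(decoding: bytes, as: UTF8.self)
}

/// inout case: `&value` converts to a pointer to exactly one element, so the
/// only valid C string it can hold is the empty one (the element is zero).
func checkedCString(_ value: inout CChar) -> String? {
    return value == 0 ? "" : nil
}

/// String case: a C callee stops at the first null, so the result is the
/// prefix before an embedded null, not a copy of the whole source string.
func truncatedAtNull(_ source: String) -> String {
    guard let end = source.utf8.firstIndex(of: 0) else { return source }
    return String(decoding: source.utf8[..<end], as: UTF8.self)
}

// Constructed sample inputs.
let terminated: [CChar] = [0x68, 0x69, 0]   // "hi" followed by a zero byte
let unterminated: [CChar] = [0x68, 0x69]    // same bytes, no zero byte
var zeroUnit: CChar = 0
var nonZeroUnit: CChar = 0x68

print(checkedCString(terminated) as Any)
print(checkedCString(unterminated) as Any)
print(checkedCString(&zeroUnit) as Any)
print(checkedCString(&nonZeroUnit) as Any)
print(truncatedAtNull("a\0b") == "a\0b")
```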