UB in get_columns_and_bytes_before

[0xd34d10cc]

The following code:

use nom_locate::LocatedSpan;

fn main() {
    let fragment = [b'a', b'b', b'c', b'd'];
    let span = LocatedSpan {
        offset: 12345,
        line: 0,
        fragment: std::str::from_utf8(&fragment).unwrap(),
        extra: ()
    };

    println!("{}", span.get_utf8_column());
}

prints random garbage value.

The problem is here:

nom_locate/src/lib.rs

Lines 216 to 223 in 504e849

	let before_self = unsafe {
	assert!(
	self.offset <= isize::max_value() as usize,
	"offset is too big"
	);
	let orig_input_ptr = self_ptr.offset(-(self.offset as isize));
	slice::from_raw_parts(orig_input_ptr, self.offset)
	};

There is no guarantee that self.offset bytes before self.fragment.as_bytes().as_ptr() are actually readable.

[progval]

Can this happen without constructing a LocatedSpan manually? I don't see any reason to do that; we should probably add an empty private field so it doesn't happen.

[0xd34d10cc]

Can this happen without constructing a LocatedSpan manually?

Well, offset field is public, nothing prevents users from changing its value after construction.

[progval]

indeed