Fix into_owned String not having enough provenance (#47)

* Fix `into_owned` `String` not having enough provenance Calling `.as_mut_ptr` on a `String` actually goes through `&mut str`, which shrinks the provenance of the pointer to only contain the initialized bytes. This caused issues when a reconstructed `String` tried to write to the uninitialized part of it. The fix is to go through `Vec::<u8>::as_mut_ptr`, which gives provenance for the entire allocation. * Run `-Zmiri-strict-provenance` in CI
maciejhirsz · May 27, 2022 · 6bb5597 · 6bb5597
1 parent 2b617ba
commit 6bb5597
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/ci/miri.sh b/ci/miri.sh
@@ -9,4 +9,4 @@ rustup default "$MIRI_NIGHTLY"
 rustup component add miri
 cargo miri setup
 
-cargo miri test --all-features
+MIRIFLAGS='-Zmiri-strict-provenance' cargo miri test --all-features
diff --git a/src/traits.rs b/src/traits.rs
@@ -94,7 +94,9 @@ pub(crate) mod internal {
             U: Capacity,
         {
             // Convert to `String::into_raw_parts` once stabilized
-            let mut owned = ManuallyDrop::new(owned);
+            // We need to go through Vec here to get provenance for the entire allocation
+            // instead of just the initialized parts.
+            let mut owned = ManuallyDrop::new(owned.into_bytes());
             let (fat, cap) = U::store(owned.len(), owned.capacity());
 
             (