Remove UB in the heap_string function #1667
Conversation
|
@kennykerr @Lokathor thanks for the tip on using |
|
You could probably lower that alignment assert to a debug_assert, since if the allocator gives you a badly aligned pointer then a million other places will all have similar problems anyway. That much of the allocator you usually have to just trust. Though now that you mention it, checking for a non-null buffer pointer is probably a good idea. The allocation cam fail, and in that case the pointer would be null. |
|
@Lokathor We already check for null inside of |
|
This is fine for now - we may eventually replace the generic function with a pair of non-generic functions since this almost seems like more trouble than it's worth. |
|
@kennykerr moving to two functions would only really allow removing the trait constraints on the argument type and the alignment check which might not be worth the duplicated code, but we can see 😊 |
After some discussion it was concluded that there is UB in the implementation of
heap_string. This removes that UB.In particular,
std::slice::from_raw_parts_mutrequires that the pointer points to initialized member which we do not get fromheap_alloc. The solution to initializing uninitialized memory is to usestd::ptr::writewhich does not read or drop values it writes to (and is thus documented specifically as being appropriate for writing to uninitialized memory).cc @Lokathor