Memory Unsafety on 16bit Platforms for Range.collect() #48006

Closed
oberien opened this issue Feb 4, 2018 · 0 comments · Fixed by #53755
Labels
C-bug Category: This is a bug. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness T-libs-api Relevant to the library API team, which will review and decide on the PR/issue.

oberien commented Feb 4, 2018

TrustedLen is implemented for Range for every integer primitive T. TrustedLen requires that the upper bound of .size_hint is None if the iterator produces more than usize::MAX elements. <Range as Iterator>.size_hint uses steps_between to produce its result. The implementation of steps_between subtracts the lower from the upper value and casts it to usize. This is implemented unconditionally for u32. On 16bit platforms, the result of the subtraction of two u32 values may not fit inside usize, producing an invalid size_hint.
This means that e.g. collecting into a Vec using its SpecExtend::spec_extend specialization for TrustedLen allows writing beyond its reserved buffer. One such example input would be (0..(usize::MAX as u32 + 1)).collect::<Vec<_>>().

Reference: #47944 (comment)
/cc @bluss
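
The truncation described in this report can be reproduced on any host by modelling the 16-bit `usize` as `u16`. The following is an added example, not code from the issue or from the Rust standard library; `Usize16`, `steps_between_truncating`, `steps_between_checked`, `size_hint` and `overrun` are hypothetical names, and the checked variant is one possible correction, not necessarily the one merged.

```rust
// Assumption: u16 stands in for `usize` on a 16-bit target.
type Usize16 = u16;

/// Models the unconditional cast described in the issue: subtract, then `as`.
fn steps_between_truncating(start: u32, end: u32) -> Option<Usize16> {
    if start < end {
        Some((end - start) as Usize16) // silently drops the high 16 bits
    } else {
        Some(0)
    }
}

/// Checked variant: returns None when the step count does not fit.
fn steps_between_checked(start: u32, end: u32) -> Option<Usize16> {
    if start >= end {
        return Some(0);
    }
    let d = end - start;
    if d <= Usize16::MAX as u32 { Some(d as Usize16) } else { None }
}

/// Builds a (lower, upper) hint in the shape TrustedLen consumers rely on.
fn size_hint(steps: Option<Usize16>) -> (Usize16, Option<Usize16>) {
    match steps {
        Some(n) => (n, Some(n)),
        None => (Usize16::MAX, None), // "more than usize::MAX elements"
    }
}

/// Number of items that would land past the reservation if a consumer
/// reserved `upper` slots and then wrote every yielded item unchecked.
/// None means the upper bound is absent and the fast path must not be taken.
fn overrun(start: u32, end: u32, hint: (Usize16, Option<Usize16>)) -> Option<u64> {
    let produced = u64::from(end.saturating_sub(start));
    hint.1.map(|reserved| produced.saturating_sub(u64::from(reserved)))
}

fn main() {
    // The input from the issue: 0..(usize::MAX as u32 + 1) with a 16-bit usize.
    let (start, end) = (0u32, Usize16::MAX as u32 + 1);
    let bad = size_hint(steps_between_truncating(start, end));
    let good = size_hint(steps_between_checked(start, end));
    println!("truncating: {:?}, overrun {:?}", bad, overrun(start, end, bad));
    println!("checked:    {:?}, overrun {:?}", good, overrun(start, end, good));
}
```
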

@TimNN TimNN added the C-bug Category: This is a bug. label Feb 6, 2018
@bluss bluss added the I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness label Feb 6, 2018
@kennytm kennytm added the T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. label Feb 6, 2018
bors added a commit that referenced this issue Aug 31, 2018
fix u32 steps_between for 16-bit systems

This fixes #48006.