Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GAT's + associated type defaults may cause UB #74824

Closed
DutchGhost opened this issue Jul 27, 2020 · 3 comments · Fixed by #80136
Closed

GAT's + associated type defaults may cause UB #74824

DutchGhost opened this issue Jul 27, 2020 · 3 comments · Fixed by #80136
Assignees
@aDotInTheVoid
Labels
C-bug Category: This is a bug. E-needs-test Call for participation: An issue has been fixed and does not reproduce, but no test has been added. F-associated_type_defaults `#![feature(associated_type_defaults)]` F-generic_associated_types `#![feature(generic_associated_types)]` a.k.a. GATs I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness requires-nightly This issue requires a nightly compiler in some way.

Comments

@DutchGhost
Copy link
Contributor

DutchGhost commented Jul 27, 2020
edited by rustbot
Loading

I tried this code:

#![feature(generic_associated_types)]
#![feature(associated_type_defaults)]

use core::ops::Deref;

trait UnsafeCopy {
    type Copy<T>: Copy = Box<T>;
    
    fn copy<T>(x: &Self::Copy<T>) -> Self::Copy<T> {
        *x
    }
}

impl <T> UnsafeCopy for T {}

fn main() {
    let b = Box::new(42usize);
    let copy = <()>::copy(&b);
    
    let raw_b = Box::deref(&b) as *const _;
    let raw_copy = Box::deref(&copy) as *const _;
    
    // assert the addresses.
    assert_eq!(raw_b, raw_copy);
}

I expected to see this happen: Getting some errors that Box<usize> does not satisfy the Copy bound.

Instead, this happened: The program compiled and resulted in a double free, b and copy both are of type Box<usize> and point to the same memory...

Meta

rustc --version --verbose:

1.47.0-nightly (2020-07-26 6c8927b0cf80ceee1938)
Backtrace 

warning: 1 warning emitted

    Finished dev [unoptimized + debuginfo] target(s) in 0.80s
     Running `target/debug/playground`
free(): double free detected in tcache 2
timeout: the monitored command dumped core
/playground/tools/entrypoint.sh: line 11:     7 Aborted                 timeout --signal=KILL ${timeout} "$@"

This seems like some variation of #62211 and #68641
@DutchGhost DutchGhost added the C-bug Category: This is a bug. label Jul 27, 2020
@jonas-schievink jonas-schievink added F-associated_type_defaults `#![feature(associated_type_defaults)]` F-generic_associated_types `#![feature(generic_associated_types)]` a.k.a. GATs I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness requires-nightly This issue requires a nightly compiler in some way. labels Jul 27, 2020
@steffahn
Copy link
Member

steffahn commented Jul 27, 2020
edited
Loading

I guess, this duplicates #74816.
(Especially with the comment that I added pretty much at the exact same time you created this issue).

@DutchGhost
Copy link
Contributor Author

I guess, this duplicates #74816.
(Especially with the comment that I added pretty much at the exact same time you created this issue).

Yes, I noticed it haha. Perhaps splitting your original issue up in several issues is a good idea, though

@aDotInTheVoid
Copy link
Member

Triage: this given an error, on nightly.

@rustbot modify labels +E-needs-test

@rustbot claim

@rustbot rustbot added the E-needs-test Call for participation: An issue has been fixed and does not reproduce, but no test has been added. label Dec 17, 2020
aDotInTheVoid added a commit to aDotInTheVoid/rust that referenced this issue Dec 17, 2020
@aDotInTheVoid
Add test for issue rust-lang#74824
b11b705
@aDotInTheVoid aDotInTheVoid mentioned this issue Dec 17, 2020
Merged
Dylan-DPC-zz pushed a commit to Dylan-DPC-zz/rust that referenced this issue Dec 22, 2020
@Dylan-DPC
Rollup merge of rust-lang#80136 - aDotInTheVoid:74824-test, r=Mark-Si…
9b40dd8 
…mulacrum

Add test for issue rust-lang#74824

It was fixed a while ago, but doesn't have a test.

Closes rust-lang#74824
@Dylan-DPC-zz Dylan-DPC-zz mentioned this issue Dec 22, 2020
Closed
@GuillaumeGomez GuillaumeGomez mentioned this issue Dec 22, 2020
Merged
bors added a commit to rust-lang-ci/rust that referenced this issue Dec 23, 2020
@bors
Auto merge of rust-lang#80314 - GuillaumeGomez:rollup-9rc48vx, r=Guil…
89886e6 
…laumeGomez

Rollup of 17 pull requests

Successful merges:

 - rust-lang#80136 (Add test for issue rust-lang#74824)
 - rust-lang#80203 (Edit rustc_middle::lint::LintSource docs)
 - rust-lang#80204 (docs: Edit rustc_middle::ty::query::on_disk_cache)
 - rust-lang#80219 (Fix labels for 'Library Tracking Issue' template)
 - rust-lang#80222 (Fix rustc-std-workspace-core documentation)
 - rust-lang#80223 (docs: Fix outdated crate reference)
 - rust-lang#80225 (Add module-level docs to rustc_middle::ty)
 - rust-lang#80241 (Fix typo)
 - rust-lang#80248 (Remove `I-prioritize` from Zulip topic)
 - rust-lang#80266 (Remove redundant test)
 - rust-lang#80272 (rustc_span: Provide a reserved identifier check for a specific edition)
 - rust-lang#80285 (Update books)
 - rust-lang#80286 (docs: Edit rustc_middle::middle::privacy)
 - rust-lang#80297 (Add some intra-doc links to compiler docs)
 - rust-lang#80298 (Improve the code quality by using matches macro)
 - rust-lang#80299 (Turn helper method into a closure)
 - rust-lang#80302 (docs: Update rustc_middle::middle::region::ScopeTree)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors closed this as completed in 26f2d8e Dec 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aDotInTheVoid aDotInTheVoid

Labels
C-bug Category: This is a bug. E-needs-test Call for participation: An issue has been fixed and does not reproduce, but no test has been added. F-associated_type_defaults `#![feature(associated_type_defaults)]` F-generic_associated_types `#![feature(generic_associated_types)]` a.k.a. GATs I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness requires-nightly This issue requires a nightly compiler in some way.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add test for issue #74824 aDotInTheVoid/rust
5 participants
@jonas-schievink @steffahn @DutchGhost @aDotInTheVoid @rustbot