String::retain allows safely creating invalid (non-utf8) strings when abusing panic #78498
Labels
C-bug
Category: This is a bug.
I-unsound
Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness
P-high
High priority
T-libs
Relevant to the library team, which will review and decide on the PR/issue.
T-libs-api
Relevant to the library API team, which will review and decide on the PR/issue.
Comments
Assigning |
SkiFire13 added a commit to SkiFire13/rust that referenced this issue Oct 29, 2020
jonas-schievink pushed a commit to jonas-schievink/rust that referenced this issue Oct 29, 2020
rodrimati1992 added a commit to rodrimati1992/abi_stable_crates that referenced this issue Dec 21, 2020
These methods copied their implementation from the standard library, which had memory safety bugs discovered in rust-lang/rust#60977 and rust-lang/rust#78498. This bug was reported in #44. Added adapted tests from std which test these bugs.
rodrimati1992 added a commit to rodrimati1992/abi_stable_crates that referenced this issue Dec 22, 2020
* Fixed String::retain, RVec::retain. Bumped patch version to 0.9.1. These methods copied their implementation from the standard library, which had memory safety bugs discovered in rust-lang/rust#60977 and rust-lang/rust#78498. This bug was reported in #44. Added adapted tests from std which test these bugs.
* Updated changelog for patch
rodrimati1992 added a commit to rodrimati1992/abi_stable_crates that referenced this issue Nov 22, 2022
* Fixed String::retain, RVec::retain. Bumped patch version to 0.9.1. These methods copied their implementation from the standard library, which had memory safety bugs discovered in rust-lang/rust#60977 and rust-lang/rust#78498. This bug was reported in #44. Added adapted tests from std which test these bugs.
* Updated changelog for patch
While `String::retain` executes it may temporarily leave the `String` in an inconsistent state, in particular it may contain invalid utf8. This is safe because it restores this invariant before returning, but the caller may skip this by panicking inside the closure and catching the unwind outside it. This allows creating `String`s that are not utf8, breaking the library invariant without using `unsafe`.

For example the following will panic at the final assertion, while I would expect it to never fail when `s` has type `String`:
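The failure mode described in the issue, as an added example that is neither the reporter's code nor the standard library's: a toy `Utf8Buf` type (hypothetical, no `unsafe`) compacts kept characters in place, and a closure that panics part-way through is caught with `catch_unwind`. The `guarded` flag, the constructed input `"0è0"` and all names are assumptions for illustration; zeroing the length before the loop is one way to keep the invariant across an unwind.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Toy stand-in for String (not std's code): `buf[..len]` must always be valid UTF-8.
pub struct Utf8Buf { buf: Vec<u8>, len: usize }

impl Utf8Buf {
    pub fn new(s: &str) -> Self { Self { buf: s.as_bytes().to_vec(), len: s.len() } }
    pub fn is_valid(&self) -> bool { std::str::from_utf8(&self.buf[..self.len]).is_ok() }

    /// In-place compaction of the characters for which `keep` returns true.
    /// guarded = false: `len` is fixed up only after the loop, so an unwind out of
    /// `keep` leaves half-shifted bytes visible through the old length.
    /// guarded = true: `len` is zeroed first, so an unwind leaves an empty, valid buffer.
    pub fn retain(&mut self, guarded: bool, mut keep: impl FnMut(char) -> bool) {
        let end = self.len;
        if guarded { self.len = 0; }
        let (mut read, mut write) = (0, 0);
        while read < end {
            // The unread tail has not been touched yet, so it still decodes cleanly.
            let ch = std::str::from_utf8(&self.buf[read..end]).unwrap().chars().next().unwrap();
            let n = ch.len_utf8();
            if keep(ch) { // the caller's closure may panic here
                self.buf.copy_within(read..read + n, write);
                write += n;
            }
            read += n;
        }
        self.len = write; // invariant restored only if the loop ran to completion
    }
}

/// Constructed input "0è0": drop '0', keep 'è' (shifted left one byte), panic on the third char.
pub fn valid_after_caught_panic(guarded: bool) -> bool {
    let mut s = Utf8Buf::new("0è0");
    let mut calls = 0;
    let _ = catch_unwind(AssertUnwindSafe(|| {
        s.retain(guarded, |_| {
            calls += 1;
            match calls { 1 => false, 2 => true, _ => panic!("closure panics mid-retain") }
        })
    }));
    s.is_valid() // the buffer is still reachable after the unwind was caught
}

fn main() {
    println!("unguarded stays valid: {}", valid_after_caught_panic(false));
    println!("guarded stays valid:   {}", valid_after_caught_panic(true));
}
```

In the unguarded run the bytes after the caught panic are `C3 A8 A8 30`: the shifted `è` followed by a stray continuation byte that the unchanged length still exposes.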