fix str mutating through a ptr derived from &self #58200

Merged
merged 4 commits into from Feb 13, 2019

@RalfJung
Member

RalfJung commented Feb 5, 2019

Found by Miri: `get_unchecked_mut` (also used by the checked variants internally) uses `str::as_ptr` to create a mutable reference, but `as_ptr` takes `&self`. This means the mutable references we return here got created from a shared reference, which violates the shared-references-are-read-only discipline!

Fix this by using a newly introduced `as_mut_ptr` instead.
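The pattern described in the PR description above, side by side with its corrected form, as an added example that is not code from this pull request or from libcore. The function names `shout_range_unsound` and `shout_range` and the sample string are assumptions made for illustration.

```rust
/// BEFORE pattern (kept for comparison, never called): `as_ptr` takes `&self`,
/// so the pointer is derived from a shared reborrow and carries read-only
/// permission. The `as *mut u8` cast compiles, but writing through the result
/// violates the shared-references-are-read-only discipline.
#[allow(dead_code)]
unsafe fn shout_range_unsound(s: &mut str, start: usize, end: usize) -> &mut str {
    unsafe {
        let ptr = s.as_ptr().add(start) as *mut u8; // *const -> *mut: the "canary"
        let bytes = std::slice::from_raw_parts_mut(ptr, end - start);
        bytes.make_ascii_uppercase();
        std::str::from_utf8_unchecked_mut(bytes)
    }
}

/// AFTER pattern: `as_mut_ptr` takes `&mut self`, so the raw pointer inherits
/// write permission and no cast is needed. This checked wrapper also validates
/// the range before touching raw pointers.
fn shout_range(s: &mut str, start: usize, end: usize) -> Option<&mut str> {
    // `is_char_boundary` is false for out-of-bounds indices and for offsets
    // that fall inside a multi-byte character.
    if start > end || !s.is_char_boundary(start) || !s.is_char_boundary(end) {
        return None;
    }
    let len = end - start;
    // SAFETY: start <= end <= s.len() was checked above, both offsets are char
    // boundaries, and ASCII upper-casing only rewrites single-byte characters,
    // so the bytes remain valid UTF-8.
    unsafe {
        let ptr = s.as_mut_ptr().add(start);
        let bytes = std::slice::from_raw_parts_mut(ptr, len);
        bytes.make_ascii_uppercase();
        Some(std::str::from_utf8_unchecked_mut(bytes))
    }
}

fn main() {
    let mut s = String::from("héllo wörld"); // constructed sample input
    println!("{:?}", shout_range(&mut s, 7, 13)); // the last word
    println!("{:?}", shout_range(&mut s, 2, 5)); // offset 2 is inside 'é'
    println!("{}", s);
}
```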

@rust-highfive

Collaborator

rust-highfive commented Feb 5, 2019

r? @Kimundi

(rust_highfive has picked a reviewer for you, use r? to override)

let len = self.end - self.start;
super::from_utf8_unchecked_mut(slice::from_raw_parts_mut(ptr as *mut u8, len))
super::from_utf8_unchecked_mut(slice::from_raw_parts_mut(ptr, len))
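
Review bot: on the `let len = self.end - self.start;` line, nothing in this unchecked path records that `start <= end` and that both offsets are in bounds, which the following `from_raw_parts_mut(ptr, len)` call depends on; a short safety comment above the call, or a `debug_assert!(self.start <= self.end)`, would document what the caller must uphold. With the `as *mut u8` cast removed, `ptr` has to be a `*mut u8` already, and its binding is not visible in these lines, so it is worth confirming that it comes from the mutable receiver and not from `as_ptr`.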


@RalfJung

RalfJung Feb 6, 2019

Author Member

Notice that this raw ptr cast here is the "canary" that gave away that the old code was wrong -- it was actually casting *const u8 to *mut u8, which should not have been necessary.

@RalfJung RalfJung requested a review from SimonSapin Feb 6, 2019

/// modified in a way that it remains valid UTF-8.
///
/// [`u8`]: primitive.u8.html
#[unstable(feature = "str_as_mut_ptr", issue = "0")]
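
Review bot: `issue = "0"` in the `#[unstable(feature = "str_as_mut_ptr", ...)]` attribute is a placeholder and should point at a real tracking issue before this lands. The doc line ending "modified in a way that it remains valid UTF-8" would also be clearer if it said explicitly that the caller is the one responsible for upholding that when writing through the pointer.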


@SimonSapin

SimonSapin Feb 6, 2019

Contributor

r+ with a tracking issue


@RalfJung

RalfJung Feb 6, 2019

Author Member

I opened a tracking issue in #58215, please check if that looks all right.

@RalfJung

Member Author

RalfJung commented Feb 6, 2019

@bors r=SimonSapin

@bors

Contributor

bors commented Feb 6, 2019

📌 Commit a996f2c has been approved by SimonSapin

@RalfJung

Member Author

RalfJung commented Feb 7, 2019

Turns out there was another bad use of as_ptr, in str::split_at_mut. I fixed that as well and reviewed the remaining uses in str/mod.rs.

@SimonSapin could you review?

@SimonSapin

Contributor

SimonSapin commented Feb 7, 2019

@bors r+

@bors

Contributor

bors commented Feb 7, 2019

📌 Commit 66c894e has been approved by SimonSapin

Centril added a commit to Centril/rust that referenced this pull request Feb 13, 2019

Rollup merge of rust-lang#58200 - RalfJung:str-as-mut-ptr, r=SimonSapin
fix str mutating through a ptr derived from &self

Found by Miri: `get_unchecked_mut` (also used by the checked variants internally) uses `str::as_ptr` to create a mutable reference, but `as_ptr` takes `&self`. This means the mutable references we return here got created from a shared reference, which violates the shared-references-are-read-only discipline!

Fix this by using a newly introduced `as_mut_ptr` instead.

bors added a commit that referenced this pull request Feb 13, 2019

Auto merge of #58413 - Centril:rollup, r=Centril
Rollup of 13 pull requests

Successful merges:

 - #57693 (Doc rewording)
 - #57815 (Speed up the fast path for assert_eq! and assert_ne!)
 - #58034 (Stabilize the time_checked_add feature)
 - #58057 (Stabilize linker-plugin based LTO (aka cross-language LTO))
 - #58137 (Cleanup: rename node_id_to_type(_opt))
 - #58166 (allow shorthand syntax for deprecation reason)
 - #58196 (Add specific feature gate error for const-unstable features)
 - #58200 (fix str mutating through a ptr derived from &self)
 - #58273 (Rename rustc_errors dependency in rust 2018 crates)
 - #58289 (impl iter() for dyn Error)
 - #58387 (Disallow `auto` trait alias syntax)
 - #58404 (use Ubuntu keyserver for CloudABI ports)
 - #58405 (Remove some dead code from libcore)

Failed merges:

r? @ghost

bors added a commit that referenced this pull request Feb 13, 2019

Auto merge of #58415 - Centril:rollup, r=Centril
Rollup of 12 pull requests

Successful merges:

 - #57693 (Doc rewording)
 - #57815 (Speed up the fast path for assert_eq! and assert_ne!)
 - #58034 (Stabilize the time_checked_add feature)
 - #58057 (Stabilize linker-plugin based LTO (aka cross-language LTO))
 - #58137 (Cleanup: rename node_id_to_type(_opt))
 - #58166 (allow shorthand syntax for deprecation reason)
 - #58200 (fix str mutating through a ptr derived from &self)
 - #58273 (Rename rustc_errors dependency in rust 2018 crates)
 - #58289 (impl iter() for dyn Error)
 - #58387 (Disallow `auto` trait alias syntax)
 - #58404 (use Ubuntu keyserver for CloudABI ports)
 - #58405 (Remove some dead code from libcore)

Failed merges:

r? @ghost

@bors bors merged commit 66c894e into rust-lang:master Feb 13, 2019

@RalfJung RalfJung deleted the RalfJung:str-as-mut-ptr branch Feb 17, 2019
