Validation: check raw wide pointer metadata #63880
Conversation
rust-highfive
added
the
S-waiting-on-review
|
So https://doc.rust-lang.org/std/ptr/fn.slice_from_raw_parts.html is wrong? It's a safe function allowing the construction of such invalid slices. It can also be done safely on stable: Did anything change in that regard? |
|
Looks like @eddyb was the only one who even knew that we require wide raw ptr metadata to be valid.^^ Nobody in #60667 and rust-lang/unsafe-code-guidelines#166 knew. |
|
For this PR, we could (for now) say the fact that this cast is allowed is a bug, and wait until #63851 / rust-lang/unsafe-code-guidelines#166 are resolved. That would match the UB lists in the Nomicon / Reference. Or we do the slice length check not for raw pointers. That would make the UB documentation more messy. Or we declare the slice length to be just part of the safety invariant of slices so that there is nothing to check, keeping UB simpler. |
| ty::Slice(ty) => self.ecx.layout_of(ty)?.size, | ||
| _ => bug!("It cannot be another type"), | ||
| }; | ||
| if elem_size.checked_mul(len, &*self.ecx.tcx).is_none() { |
There was a problem hiding this comment.
(offtopic) @oli-obk why doesn't TyCtxtAt just implement the right traits to not require all of these &* in miri?
|
@oli-obk I removed the new slice length check. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
@bors r+ |
|
📌 Commit 04580b6 has been approved by |
bors
added
S-waiting-on-bors
bors
added
S-waiting-on-author
|
Hm actually I cannot get it to ICE... use std::slice;
use std::usize;
fn main() { unsafe {
let ptr = Box::into_raw(Box::new(0u8));
let _x = slice::from_raw_parts(ptr, usize::MAX);
} } |
|
rust/src/librustc_target/abi/mod.rs Lines 341 to 360 in 7e0afda @eddyb is that deliberate? EDIT: Never mind, that's |
|
Oh, I will remove the last commit here and make that a new PR. |
|
@bors r=oli-obk |
|
📌 Commit 04580b6 has been approved by |
bors
added
S-waiting-on-bors
Validation: check raw wide pointer metadata While I was at it, I also added a missing check for slices not to be too big. r? @oli-obk Fixes rust-lang/miri#918
Validation: check raw wide pointer metadata While I was at it, I also added a missing check for slices not to be too big. r? @oli-obk Fixes rust-lang/miri#918
Validation: check raw wide pointer metadata While I was at it, I also added a missing check for slices not to be too big. r? @oli-obk Fixes rust-lang/miri#918
Rollup of 7 pull requests Successful merges: - #63867 (resolve: Block expansion of a derive container until all its derives are resolved) - #63880 (Validation: check raw wide pointer metadata) - #63914 (ty: use Align for ReprOptions pack and align.) - #63941 (rustbuild: allow disabling deny(warnings) for bootstrap) - #63949 (Fix build src/libtest) - #63984 (Update rust-installer to limit memory use) - #63992 (Small improvement for Ord implementation of integers) Failed merges: r? @ghost
|
☔ The latest upstream changes (presumably #63998) made this pull request unmergeable. Please resolve the merge conflicts. |
bors
added
S-waiting-on-author
test for invalid wide raw ptr This is the Miri side of rust-lang/rust#63880.
|
@bors r- retry |
bors
added
S-waiting-on-bors
While I was at it, I also added a missing check for slices not to be too big.
r? @oli-obk
Fixes rust-lang/miri#918