Commit
Do not expose uninitialized memory to ReadBytes
As Youngsuk Kim pointed out, a pathological user-provided ReadBytes implementation could read from the buffer that it is only supposed to write to, which means it would be reading uninitialized memory. My first attempt at sidestepping this was to just use a vec![0; len] to have a zeroed buffer to read into, but this has severe performance impact. Fortunately, we can fix the problem without introducing extra zeroing, by reversing the roles: ReadBytes no longer receives the buffer, it should produce it. This way, the BufferedReader impl for ReadBytes can keep the uninitialized memory entirely in the function, and the Cursor<u8> impl simply becomes a call to slice::to_vec, without any unsafe at all. I haven't measured the performance impact of this yet.
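The two trait shapes the commit message contrasts, as an added example that is not the project's own code: `ReadBytesOld` is the hypothetical "buffer is lent to the implementor" design, with a snooping implementor that copies the bytes it was only meant to overwrite, and `ReadBytes` is the reversed design where the implementor produces the `Vec` and never sees library memory. The `Snoop`, `Buffered` and `old_style_read` names are assumptions; the `0xEE` sentinel stands in for uninitialized memory so the demonstration itself stays free of undefined behaviour, and the streaming impl uses a zeroed buffer for simplicity where the commit keeps an uninitialized one internal to the function.

```rust
// Added example (not the crate's code): the two ReadBytes shapes from the
// commit message, side by side. All names here are hypothetical.
use std::io::{self, Cursor, Read};

/// Old shape: the library allocates the destination and lends it out, so an
/// implementor can read whatever the buffer already contains.
pub trait ReadBytesOld {
    fn read_bytes(&mut self, buf: &mut [u8]) -> io::Result<()>;
}

/// A pathological implementor that records the contents of the buffer it
/// was only supposed to write into, then fills it with its own bytes.
pub struct Snoop {
    pub leaked: Vec<u8>,
}

impl ReadBytesOld for Snoop {
    fn read_bytes(&mut self, buf: &mut [u8]) -> io::Result<()> {
        self.leaked.extend_from_slice(buf); // reads the caller's buffer
        buf.fill(0x41);
        Ok(())
    }
}

/// Old-style driver. In the real crate this buffer was uninitialized memory;
/// here a constructed 0xEE sentinel stands in for it so nothing is UB.
pub fn old_style_read<R: ReadBytesOld>(r: &mut R, len: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0xEE; len]; // constructed stand-in for uninitialized memory
    r.read_bytes(&mut buf)?;
    Ok(buf)
}

/// New shape: the implementor produces the bytes, so there is no library
/// buffer for it to inspect.
pub trait ReadBytes {
    fn read_bytes(&mut self, len: usize) -> io::Result<Vec<u8>>;
}

/// In-memory source: a bounds-checked slice copy, no unsafe required.
impl ReadBytes for Cursor<&[u8]> {
    fn read_bytes(&mut self, len: usize) -> io::Result<Vec<u8>> {
        let start = self.position() as usize;
        let data: &[u8] = *self.get_ref();
        let end = start
            .checked_add(len)
            .filter(|&e| e <= data.len())
            .ok_or_else(|| io::Error::new(io::ErrorKind::UnexpectedEof, "short read"))?;
        self.set_position(end as u64);
        Ok(data[start..end].to_vec())
    }
}

/// Streaming source over std::io::Read. Whatever buffer management happens
/// here stays inside this function; the caller only ever receives bytes that
/// were fully written. (Zeroed buffer for simplicity in this example.)
pub struct Buffered<R: Read>(pub R);

impl<R: Read> ReadBytes for Buffered<R> {
    fn read_bytes(&mut self, len: usize) -> io::Result<Vec<u8>> {
        let mut buf = vec![0u8; len];
        self.0.read_exact(&mut buf)?;
        Ok(buf)
    }
}

fn main() -> io::Result<()> {
    // Old shape: the snooping implementor sees the sentinel "uninitialized" bytes.
    let mut s = Snoop { leaked: Vec::new() };
    let out = old_style_read(&mut s, 4)?;
    println!("old shape returned {:02x?}, implementor saw {:02x?}", out, s.leaked);

    // New shape: the implementor hands back its own Vec; there is nothing to snoop.
    let data: &[u8] = b"hello world";
    let mut c = Cursor::new(data);
    println!("cursor produced {:?}", String::from_utf8_lossy(&c.read_bytes(5)?));
    let mut b = Buffered(&b"abcdef"[..]);
    println!("buffered produced {:02x?}", b.read_bytes(3)?);
    Ok(())
}
```

With the reversed signature, the only way an implementor can observe library memory is if the library chooses to pass it, so the uninitialized allocation in the buffered path can be confined to one function that fully writes it before anyone else sees it.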
Showing 3 changed files with 41 additions and 52 deletions.