Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AlignedBoxedSlice is unsound #3370

Closed
FreezyLemon opened this issue Mar 27, 2024 · 1 comment · Fixed by #3371
Closed

AlignedBoxedSlice is unsound #3370

FreezyLemon opened this issue Mar 27, 2024 · 1 comment · Fixed by #3371

Comments

@FreezyLemon
Copy link
Contributor

AlignedBoxedSlice<T> is unsound in multiple places:

  1. The safety invariants of Layout::from_size_align_unchecked are not always fulfilled: The size parameter can overflow isize for some lengths
  2. NonNull::new_unchecked(alloc(...)): alloc can return a null pointer on allocation failure
  3. The initialization code in AlignedBoxedSlice::new creates a mutable slice from uninitialized memory (instead of ptr::write or MaybeUninit)

Pretty much the same problems also existed in v_frame. Those were fixed, more issues were found and the implementation was ultimately replaced and aligned-vec was used instead. I think it could be used in rav1e too. Maybe Aligned<T> and the entirety of align.rs could be removed then because it also has an unsound function.
@lu-zero
Copy link
Collaborator

lu-zero commented Mar 28, 2024

Moving to aligned-vec sounds overall a good idea (and probably we could poke a bit to have those facilities in std directly)

@FreezyLemon FreezyLemon mentioned this issue Mar 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace AlignedBoxedSlice with aligned_vec::ABox FreezyLemon/rav1e
2 participants
@lu-zero @FreezyLemon