Skip to content
This repository has been archived by the owner on Feb 7, 2021. It is now read-only.

Fix UB when T contains uninit bytes #6

Merged
merged 6 commits into from
Feb 11, 2020
Merged

Fix UB when T contains uninit bytes #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2d836bf
always run miri tests in nightly
TyPR124 Feb 10, 2020
4b7c677
add tests for uninit bytes
TyPR124 Feb 10, 2020
acc0ed2
fmt
TyPR124 Feb 10, 2020
859f967
Fix UB with T contains uninit bytes
TyPR124 Feb 10, 2020
1a91681
unused import
TyPR124 Feb 10, 2020
8c5da8c
change comments
TyPR124 Feb 10, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 52 additions & 10 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ extern crate alloc;

use alloc::boxed::Box;
use core::fmt;
use core::mem::{self, size_of, MaybeUninit};
use core::mem::{self, MaybeUninit};
use core::ops::{Deref, DerefMut};
use core::ptr;

Expand Down Expand Up @@ -217,15 +217,11 @@ impl<T> Stowaway<T> {
}
SizeClass::Boxed => Box::into_raw(Box::new(value)),
SizeClass::Packed => {
// If T smaller than *mut T, we need to initialize the extra
// bytes. TODO: figure out a way to initialize these bytes (to
// the satisfaction of defined behavior) without zeroing them,
// if possible.
let mut blob: MaybeUninit<*mut T> = if size_of::<T>() < size_of::<*mut T>() {
MaybeUninit::zeroed()
} else {
MaybeUninit::uninit()
};
// Need to init (zero) all bytes. Even if sizeof(T) == sizeof(*T),
// T may contain unused/uninit padding bytes. TODO: figure out a way
// to initialize these bytes (to the satisfaction of defined
// behavior) without zeroing them, if possible.
let mut blob: MaybeUninit<*mut T> = MaybeUninit::zeroed();

let ptr = blob.as_mut_ptr();

Expand Down Expand Up @@ -320,6 +316,52 @@ impl<T> Stowaway<T> {
storage as *mut ()
}
}
// These tests are designed to detect undefined behavior in miri under naive,
// incorrect implementations of Stowaway.
#[cfg(test)]
mod test_for_uninit_bytes {
use crate::{stow, unstow};
#[test]
fn zst() {
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
struct Zst;
let x = Zst;
let stowed = stow(x);
let unstowed = unsafe { unstow(stowed) };
assert_eq!(x, unstowed);
}
#[test]
fn small_t() {
let x: u8 = 7;
let stowed = stow(x);
let unstowed = unsafe { unstow(stowed) };
assert_eq!(x, unstowed);
}
#[test]
fn t_with_gaps_32() {
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
struct Gaps32 {
a: u8,
b: u16,
}
let x = Gaps32 { a: 7, b: 42 };
let stowed = stow(x);
let unstowed = unsafe { unstow(stowed) };
assert_eq!(x, unstowed);
}
#[test]
fn t_with_gaps_64() {
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
struct Gaps64 {
a: u8,
b: u32,
}
let x = Gaps64 { a: 7, b: 42 };
let stowed = stow(x);
let unstowed = unsafe { unstow(stowed) };
assert_eq!(x, unstowed);
}
}

impl<T> Drop for Stowaway<T> {
fn drop(&mut self) {
Expand Down
2 changes: 1 addition & 1 deletion test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,4 @@ cargo clean
cargo fmt -- --check
cargo clippy -- -Dwarnings
cargo test
cargo miri test
cargo +nightly miri test