Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - Fix query.to_readonly().get_component_mut() soundness bug #6401

Closed
wants to merge 2 commits into from
Closed

[Merged by Bors] - Fix query.to_readonly().get_component_mut() soundness bug #6401

wants to merge 2 commits into from

Conversation

cart
Copy link
Member

@cart cart commented Oct 29, 2022

Objective

Fix the soundness issue outlined in #5866. In short the problem is that query.to_readonly().get_component_mut::<T>() can provide unsound mutable access to the component. This PR is an alternative to just removing the offending api. Given that to_readonly is a useful tool, I think this approach is a preferable short term solution. Long term I think theres a better solution out there, but we can find that on its own time.

Solution

Add what amounts to a "dirty flag" that marks Queries that have been converted to their read-only variant via to_readonly as dirty. When this flag is set to true, get_component_mut will fail with an error, preventing the unsound access.

@cart cart added A-ECS Entities, components, systems, and events P-Unsound A bug that results in undefined compiler behavior labels Oct 29, 2022
@cart cart added this to the Bevy 0.9 milestone Oct 29, 2022
@cart cart mentioned this pull request Oct 29, 2022
Closed
alice-i-cecile
alice-i-cecile approved these changes Oct 29, 2022
View reviewed changes
Copy link
Member

@alice-i-cecile alice-i-cecile left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah okay it's hacky but fixes the problem without losing this very nice tool.

james7132
james7132 approved these changes Oct 29, 2022
View reviewed changes
Copy link
Member

@james7132 james7132 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm in agreement with Alice that this is pretty hacky, but it works.

@james7132 james7132 added the S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it label Oct 29, 2022
@cart
Copy link
Member Author

cart commented Oct 29, 2022

bors r+

bors bot pushed a commit that referenced this pull request Oct 29, 2022
@cart
Fix query.to_readonly().get_component_mut() soundness bug (#6401)
dfb80ee 
# Objective

Fix the soundness issue outlined in #5866. In short the problem is that `query.to_readonly().get_component_mut::<T>()` can provide unsound mutable access to the component. This PR is an alternative to just removing the offending api. Given that `to_readonly` is a useful tool, I think this approach is a preferable short term solution. Long term I think theres a better solution out there, but we can find that on its own time.

## Solution

Add what amounts to a "dirty flag" that marks Queries that have been converted to their read-only variant via `to_readonly` as dirty. When this flag is set to true, `get_component_mut` will fail with an error, preventing the unsound access.
@bors
Copy link
Contributor

bors bot commented Oct 29, 2022

Pull request successfully merged into main.

Build succeeded:

@bors bors bot changed the title Fix query.to_readonly().get_component_mut() soundness bug [Merged by Bors] - Fix query.to_readonly().get_component_mut() soundness bug Oct 29, 2022
@bors bors bot closed this Oct 29, 2022
@james7132 james7132 mentioned this pull request Nov 18, 2022
Closed
ItsDoot pushed a commit to ItsDoot/bevy that referenced this pull request Feb 1, 2023
@cart @ItsDoot
Fix query.to_readonly().get_component_mut() soundness bug (bevyengine…
16d316f 
…#6401)

# Objective

Fix the soundness issue outlined in bevyengine#5866. In short the problem is that `query.to_readonly().get_component_mut::<T>()` can provide unsound mutable access to the component. This PR is an alternative to just removing the offending api. Given that `to_readonly` is a useful tool, I think this approach is a preferable short term solution. Long term I think theres a better solution out there, but we can find that on its own time.

## Solution

Add what amounts to a "dirty flag" that marks Queries that have been converted to their read-only variant via `to_readonly` as dirty. When this flag is set to true, `get_component_mut` will fail with an error, preventing the unsound access.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BoxyUwU BoxyUwU BoxyUwU approved these changes

@alice-i-cecile alice-i-cecile alice-i-cecile approved these changes

@james7132 james7132 james7132 approved these changes

Assignees
No one assigned
Labels
A-ECS Entities, components, systems, and events P-Unsound A bug that results in undefined compiler behavior S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it
Projects
None yet
Milestone
Bevy 0.9
Development

Successfully merging this pull request may close these issues.
5 participants
@cart @james7132 @alice-i-cecile @BoxyUwU @mockersf