Remove unsafe and unnecessary size argument from FileDesc::read()

The `size` argument to `FileDesc::read()` is not checked against the length of the buffer, so `libc::read()` could end up writing past the buffer if we passed a size that's too large. However, we always pass exactly the size of the buffer, so that doesn't happen. Let's just removing the argument since it's not currently needed, thereby removing the risk of bugs if the function is used incorrectly by future callers. This came up in review of `unsafe` Rust code at my company.
crossterm-rs · Sep 18, 2023 · 2a3b4cc · 2a3b4cc
1 parent 08762b3
commit 2a3b4cc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/event/source/unix/mio.rs b/src/event/source/unix/mio.rs
@@ -93,7 +93,7 @@ impl EventSource for UnixInternalEventSource {
  match token {
  TTY_TOKEN => {
  loop {
- match self.tty_fd.read(&mut self.tty_buffer, TTY_BUFFER_SIZE) {
+ match self.tty_fd.read(&mut self.tty_buffer) {
  Ok(read_count) => {
  if read_count > 0 {
  self.parser.advance(

diff --git a/src/terminal/sys/file_descriptor.rs b/src/terminal/sys/file_descriptor.rs
@@ -29,12 +29,12 @@ impl FileDesc {
  FileDesc { fd, close_on_drop }
  }
 
- pub fn read(&self, buffer: &mut [u8], size: usize) -> io::Result<usize> {
+ pub fn read(&self, buffer: &mut [u8]) -> io::Result<usize> {
  let result = unsafe {
  libc::read(
  self.fd,
  buffer.as_mut_ptr() as *mut libc::c_void,
- size as size_t,
+ buffer.len() as size_t,
  )
  };