Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fn AlignedVec::resize: Validate safety requirements, specifically overflow #1357

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fn AlignedVec::resize: Validate safety requirements, specifically overflow #1357

wants to merge 3 commits into from
+24 −3

Conversation

HeroicKatora
Copy link

@HeroicKatora HeroicKatora commented Sep 10, 2024
edited by kkysen
Loading

This is a necessary check for soundness, as demonstrated by the test which can SIGSEGV without the check. Before the check, an overflow in the underlying buffer calculation can create incoherent state where the vector believes in an impossibly large buffer of the item type which is not actually backed by a correctly sized buffer of chunks.

HeroicKatora
HeroicKatora commented Sep 10, 2024
View reviewed changes
src/align.rs Outdated Show resolved Hide resolved
@kkysen kkysen self-requested a review September 10, 2024 16:37
@kkysen kkysen self-assigned this Sep 10, 2024
@HeroicKatora
Validate AlignedVec::resize safety requirements
556beac 
This is a necessary check for soundness, as demonstrated by the test
which can SIGSEGV without the check. Before the check, an overflow in
the underlying buffer calculation can create incoherent state where the
vector believes in an impossibly large buffer of the item type which is
not actually backed by a correctly sized buffer of chunks.
@kkysen kkysen changed the title Validate AlignedVec::resize safety requirements fn AlignedVec::resize: Validate safety requirements, specifically overflow Sep 17, 2024
kkysen
kkysen requested changes Sep 17, 2024
View reviewed changes
Copy link
Collaborator

@kkysen kkysen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for finding this bug and the PR!

src/align.rs Outdated Show resolved Hide resolved
src/align.rs Outdated Show resolved Hide resolved
src/align.rs Outdated Show resolved Hide resolved
src/align.rs Outdated Show resolved Hide resolved
kkysen
kkysen requested changes Sep 19, 2024
View reviewed changes
Copy link
Collaborator

@kkysen kkysen left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now except for that one little comment. Appreciate the NOTEs, too.

src/align.rs
Comment on lines +192 to +194
let Some(new_bytes) = mem::size_of::<T>().checked_mul(new_len) else {
panic!("Resizing would overflow the underlying aligned buffer");
};
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let Some(new_bytes) = mem::size_of::<T>().checked_mul(new_len) else {
panic!("Resizing would overflow the underlying aligned buffer");
};
let new_bytes = mem::size_of::<T>().checked_mul(new_len)
.expect("Resizing would overflow the underlying aligned buffer");

If we aren't gonna do any fancy #[inline(never)]/#[cold] inner fn stuff for the panic, I'd rather just use .expect here.

(Also not sure if the formatting is right).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kkysen kkysen kkysen requested changes

Assignees

@kkysen kkysen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Overflows can unsoundly taint length state in AlignedVec
2 participants
@HeroicKatora @kkysen