-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Borrowck regression: allows segfault in 1.27.1 #52213
Comments
Here is an example of being able to segfault in safe rust on beta enum Inner {
Stack {
data: [u8;23]
},
Heap {
data: Box<[u8]>
}
}
struct SmallString {
len: usize,
inner: Inner
}
impl SmallString {
fn push_str(&mut self, item: &str) {
match (&mut self.inner, self.len + item.len()) {
(Inner::Heap { data }, x) => {
println!("{}", data.len());
if x > data.len() {
self.grow();
// data is now garbage pointer
}
println!("{:?}", data);
},
_ => ()
}
}
fn grow(&mut self){
// Invalidate borrowed Heap.data
self.inner = Inner::Stack { data: [1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] };
}
}
fn main (){
let slice = "this is gonna go bad".to_owned().into_bytes().into_boxed_slice();
let mut ss = SmallString { len: slice.len(), inner: Inner::Heap { data: slice } };
ss.push_str(" right now");
} |
Turns out this regression is now also in the new patch release on stable! |
cc @nikomatsakis #51686. |
@rust-lang/compiler the obligatory ping to all of you. |
Minified: fn transmute_lifetime<'a, 'b, T>(t: &'a (T,)) -> &'b T {
match (&t, ()) {
((t,), ()) => t,
}
}
fn main() {
let x = {
let y = Box::new((42,));
transmute_lifetime(&y)
};
println!("{}", x);
} |
Did anyone verify that this reproduces on 1.27.1? I am not sure |
And now I'm in the state of "how does this ever work", given that |
@arielb1: Your minified example compiles with 1.27.1, and so does the second example in this thread. |
I have a fix up, will push it soon. |
This looks like a typo introduced in rust-lang#51686. Fixes rust-lang#52213.
This looks like a typo introduced in rust-lang#51686. Fixes rust-lang#52213.
The following sample correctly fails to build on stable channel, but erroneously passes on beta and nightly.
It's worth noting that with NLL turned on it also correctly fails to build.
The text was updated successfully, but these errors were encountered: