Don't do pointer arithmetic on pointers to deallocated memory #106950
r? @cuviper (rustbot has picked a reviewer for you, use r? to override)

Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of
Branch force-pushed from 8ebd114 to 7b900c9.
Thanks! Would be good to add a regression test in

```rust
// Regression test for rust-lang/miri#2759: inserting through
// `String::replace_range` goes through `vec::Splice`.
#[test]
fn miri_issue_2759() {
    let mut input = "1".to_string();
    input.replace_range(0..0, "0");
}
```
The Miri subtree was changed cc @rust-lang/miri

LGTM, but we should probably get a T-libs review.
library/alloc/src/vec/splice.rs (outdated)

```rust
// At this point draining is done and the only remaining tasks are splicing
// and moving things into the final place.
// Which means we can replace the slice::Iter with pointers that won't point to deallocated
// memory. This makes Miri happy.
```
It's not just about pleasing Miri, right?
Suggested change, from

```rust
// memory. This makes Miri happy.
```

to

```rust
// memory, and `Drain::drop` can still see that it's empty. This also makes Miri happy.
```
Well, logically it already was 0-length before; just the way it was calculated was Miri-UB but not LLVM-UB, because we're not emitting any hints that LLVM could exploit. But that rephrase is not quite right either: it's about Drain being allowed to calculate the length at all.
Updated it.
vec::Splice can invalidate the slice::Iter inside vec::Drain. So we replace them with dangling pointers which, unlike ones to deallocated memory, are allowed.
Branch force-pushed from b35278e to 2d54b7c.

@bors r+
Don't do pointer arithmetic on pointers to deallocated memory

vec::Splice can invalidate the slice::Iter inside vec::Drain. So we replace them with dangling pointers which, unlike ones to deallocated memory, are allowed.

Fixes miri test failures.

Fixes rust-lang/miri#2759

Rollup of 5 pull requests

Successful merges:

- rust-lang#103702 (Lift `T: Sized` bounds from some `strict_provenance` pointer methods)
- rust-lang#106441 (relax reference requirement on SocketAddrExt::from_abstract_name)
- rust-lang#106718 (finish trait solver skeleton work)
- rust-lang#106950 (Don't do pointer arithmetic on pointers to deallocated memory)
- rust-lang#107014 (rustdoc: remove deprecated / unused code from main.js)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
vec::Splice can invalidate the slice::Iter inside vec::Drain. So we replace them with dangling pointers which, unlike ones to deallocated memory, are allowed.
Fixes miri test failures.
Fixes rust-lang/miri#2759
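The distinction the PR description draws (pointer arithmetic on pointers into freed memory is UB even when the computed length would be 0, while subtracting two equal dangling pointers is fine) is easier to see on a small model. The following is an added example, not code from this PR or from `library/alloc`: `RawCursor` is a constructed stand-in for the start/end pointer pair that `slice::Iter` keeps, `detach` plays the role of the fix (swapping in `NonNull::dangling()` once draining is finished and before the buffer is reallocated), and `replace_range_at_front` carries the regression test suggested in the thread into a function that returns its result. Names and layout are assumptions for illustration only.

```rust
use std::ptr::NonNull;

/// Constructed stand-in for the start/end pointers inside `slice::Iter`
/// (assumption: std's real layout is not reproduced here).
struct RawCursor {
    start: NonNull<u8>,
    end: NonNull<u8>,
}

impl RawCursor {
    /// Point at the current element range of `buf`. The pointers stay valid
    /// only while `buf` is neither reallocated nor dropped.
    fn over(buf: &Vec<u8>) -> Self {
        let range = buf.as_ptr_range();
        // `Vec` guarantees a non-null buffer pointer even when it is empty.
        RawCursor {
            start: NonNull::new(range.start as *mut u8).expect("Vec pointer is non-null"),
            end: NonNull::new(range.end as *mut u8).expect("Vec pointer is non-null"),
        }
    }

    /// Yield the next byte, advancing `start` like a slice iterator does.
    fn next(&mut self) -> Option<u8> {
        if self.start == self.end {
            return None;
        }
        // SAFETY: `start < end` and both lie inside the same live allocation
        // because `detach` has not been called and the buffer is untouched.
        let value = unsafe { *self.start.as_ptr() };
        self.start = unsafe { NonNull::new_unchecked(self.start.as_ptr().add(1)) };
        Some(value)
    }

    /// Remaining length via pointer subtraction, the same operation
    /// `slice::Iter::len` performs. This is UB if the pointers point into
    /// memory that has since been deallocated, even if the answer is 0.
    fn len(&self) -> usize {
        // SAFETY: the pointers are either inside one live allocation or both
        // equal and dangling (after `detach`); neither case is deallocated memory.
        unsafe { self.end.as_ptr().offset_from(self.start.as_ptr()) as usize }
    }

    /// The fix the PR applies to `vec::Drain`: once draining is finished,
    /// stop pointing into the buffer at all. Equal dangling pointers may
    /// still be subtracted; pointers into freed memory may not.
    fn detach(&mut self) {
        self.start = NonNull::dangling();
        self.end = NonNull::dangling();
    }
}

/// Drain every byte of `buf` through the cursor, detach, then force a
/// reallocation of `buf` while the cursor is still alive, and finally ask the
/// cursor for its length (as `Drain::drop` does).
/// Returns (sum of drained bytes, remaining length seen by the cursor, the buffer).
fn drain_then_grow(mut buf: Vec<u8>, extra: &[u8]) -> (u32, usize, Vec<u8>) {
    let mut cursor = RawCursor::over(&buf);
    let mut sum = 0u32;
    while let Some(b) = cursor.next() {
        sum += u32::from(b);
    }
    // Draining is done; everything the cursor points at is about to move.
    cursor.detach();
    buf.clear();
    // Guaranteed reallocation: the old buffer the cursor used to point into is freed.
    buf.reserve_exact(buf.capacity() + extra.len() + 1);
    buf.extend_from_slice(extra);
    // Sound only because of `detach`: the cursor no longer refers to the freed block.
    let remaining = cursor.len();
    (sum, remaining, buf)
}

/// The regression test from the review thread, as a function: `replace_range`
/// on the empty prefix goes through `vec::Splice` after an empty drain.
fn replace_range_at_front() -> String {
    let mut input = "1".to_string();
    input.replace_range(0..0, "0");
    input
}

fn main() {
    let (sum, remaining, buf) = drain_then_grow(vec![1, 2, 3], &[9u8; 64]);
    println!("drained sum = {sum}, remaining = {remaining}, new len = {}", buf.len());
    println!("replace_range result = {}", replace_range_at_front());
}
```

Running the binary under `cargo miri run` is the check that matters here: with the `detach` call removed, Miri reports the pointer subtraction in `len` as use of a pointer into deallocated memory, while the version above passes because the cursor only ever subtracts two live or two equal dangling pointers.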