Small clean-ups (including fix for UB) #616
Conversation
src/slice_transform.rs
Outdated
| let cb = &mut *(raw_cb as *mut TransformCallback); | ||
| let key = slice::from_raw_parts(raw_key as *const u8, key_len as usize); | ||
| cb.in_domain_fn | ||
| .map_or(0xff, |in_domain| in_domain(key) as u8) |
There was a problem hiding this comment.
Returning 0xff here was somewhat questionable (as a bool is expected in C++ land), but not a problem as far as I can tell after reading the current implementation in RocksDB.
| ffi_try!(ffi::rocksdb_open_column_families_with_ttl( | ||
| opts.inner, | ||
| cpath.as_ptr(), | ||
| cfs_v.len() as c_int, | ||
| cfnames.as_ptr(), | ||
| cfopts.as_ptr(), | ||
| cfhandles.as_mut_ptr(), | ||
| &(ttl.as_secs() as c_int) as *const _, | ||
| ttls_v.as_ptr(), |
There was a problem hiding this comment.
I believe this was undefined behavior because the temporary c_int would be out of scope before the pointer is used in the called function.
Aditionally, there would be an out-of-bounds read if cfs_v.len() > 1, because the implementation expects a pointer to cfs_v.len() consecutive entries.
There was a problem hiding this comment.
Perhaps I'm missing something, but where can out-of-bound read occur? cfnames? But it is an array, so everything should be OK. Am I missing something?
There was a problem hiding this comment.
I mean the ttls array. Previously we were passing a pointer to a single integer value (&(ttl.as_secs() as c_int) as *const _), but cfs_v.len() integer values are expected (https://github.com/facebook/rocksdb/blob/f20b674796ffd7ca32471705876fc651b8e246db/db/c.cc#L827-L828), one for each column family.
|
Oh, looks like the pointers to temporaries are fine, actually:
https://doc.rust-lang.org/stable/reference/expressions.html?highlight=Tempo#temporaries That leaves only the out of bounds read as UB, with all other changes being cosmetic. |
| ffi_try!(ffi::rocksdb_open_column_families_with_ttl( | ||
| opts.inner, | ||
| cpath.as_ptr(), | ||
| cfs_v.len() as c_int, | ||
| cfnames.as_ptr(), | ||
| cfopts.as_ptr(), | ||
| cfhandles.as_mut_ptr(), | ||
| &(ttl.as_secs() as c_int) as *const _, | ||
| ttls_v.as_ptr(), |
There was a problem hiding this comment.
Perhaps I'm missing something, but where can out-of-bound read occur? cfnames? But it is an array, so everything should be OK. Am I missing something?
niklasf
changed the title
niklasf
changed the title
|
Rebased since #627 got merged first. |
|
Prepared rustsec advisory rustsec/advisory-db#1237. The changes in this PR are related, because they all adressed clippy lints, but I can split it, if that would be useful. The commits can also be viewed separately. |
Most of these are trivial. I'll highlight some important bits with inline comments.