Fix UB in Subbuffer::reinterpret #2228

Merged
merged 1 commit into from
Jun 8, 2023
18 changes: 11 additions & 7 deletions vulkano/src/buffer/subbuffer.rs
Expand Up @@ -180,12 +180,14 @@ where
///
/// # Panics
///
/// - Panics if the memory offset of the subbuffer is not aligned to the alignment of `U`.
/// - Panics if the memory offset of the subbuffer is not a multiple of the alignment of `U`.
/// - If `U` is sized, then panics if the subbuffer size doesn't match the size of `U` exactly.
/// - If `U` is unsized, then panics if:
/// - the subbuffer size isn't greater than the size of the head (sized part) of `U`, or
/// - If `U` is unsized, then panics if
/// - the subbuffer size isn't greater than the size of the head (sized part) of `U`,
/// - the subbuffer would have slop when reinterpreted as `U`, meaning that the subbuffer
/// size minus the the size of the head of `U` isn't divisible by the element size of `U`.
/// size minus the the size of the head of `U` isn't divisible by the element size of `U`,
/// or
/// - the subbuffer size isn't a multiple of the alignment of `U`.
pub fn reinterpret<U>(self) -> Subbuffer<U>
where
U: BufferContents + ?Sized,
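Review bot: the rewritten slop bullet under `# Panics` still reads "size minus the the size of the head of `U`"; since that line is being touched anyway, drop the duplicated "the". The new wording also loses the colon after "panics if" that the previous line had, so the sentence now runs straight into the nested bullets; keeping "panics if:" reads more cleanly in the rendered docs.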
Expand All @@ -204,12 +206,13 @@ where
///
/// # Safety
///
/// - The memory offset of the subbuffer must be aligned to the alignment of `U`.
/// - The memory offset of the subbuffer must be a multiple of the alignment of `U`.
/// - If `U` is sized, then the subbuffer size must match the size of `U` exactly.
/// - If `U` is unsized, then
/// - the subbuffer size must be greater than the size of the head (sized part) of `U`, and
/// - the subbuffer size must be greater than the size of the head (sized part) of `U`,
/// - the subbuffer must not have slop when reinterpreted as `U`, meaning that the subbuffer
/// size minus the the size of the head of `U` is divisible by the element size of `U`.
/// size minus the the size of the head of `U` is divisible by the element size of `U`, and
/// - the subbuffer size must be a multiple of the alignment of `U`.
#[cfg_attr(not(feature = "document_unchecked"), doc(hidden))]
pub unsafe fn reinterpret_unchecked<U>(self) -> Subbuffer<U>
where
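Review bot: the `# Safety` list for `reinterpret_unchecked` gains "the subbuffer size must be a multiple of the alignment of `U`" without saying what goes wrong when a caller violates it. The PR title calls this a UB fix, so one sentence naming the consequence would help callers of the unsafe variant judge whether their sizes qualify. The duplicated "the the" in the slop bullet is carried over here as well.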
Expand Down Expand Up @@ -259,6 +262,7 @@ where
} else {
assert!(self.size > new_layout.head_size());
assert!((self.size - new_layout.head_size()) % new_layout.element_size().unwrap() == 0);
assert!(is_aligned(self.size(), new_layout.alignment()));
}
}
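Review bot: the added `assert!(is_aligned(self.size(), new_layout.alignment()));` is a third bare assertion in this `else` branch, so a panic here does not tell the caller which of the documented conditions failed; a short message on each assert would. It also calls `self.size()` where the two asserts above it read `self.size`, and one form should be used throughout. No test is visible in this change; a case whose size passes the head-size and element-size checks but is not a multiple of the alignment would pin the fix down.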
