mirror of
https://github.com/rust-embedded/heapless.git
synced 2025-09-27 04:20:24 +00:00
300: Fix OOB get_unchecked, shadow Vec::as_ptr methods r=japaric a=saethlin

The fixes in #280 missed one instance of UB. The get_unchecked_mut inside VacantEntry::Insert can be out of bounds of the initialized region of the backing Vec. When that happens, the call is UB. This is detected both by the standard library's debug assertions which can be enabled with -Zbuild-std and with Miri but only with -Zmiri-tag-raw-pointers.

This also adds inherent as_ptr and as_mut_ptr methods to Vec which shadow those provided by the Deref to a slice. Without this shadowing, the change from get_unchecked_mut to as_mut_ptr.add wouldn't actually fix the problem identified by the debug assertions or Miri, it just hides it from the debug assertions.

The core problem is that references narrow provenance, so if we want to access outside of the initialized region of a Vec we need to get a pointer to the array without passing through a reference to the initialized region first. The pointers from these shadowing methods can be used to access anywhere in the allocation, whereas vec.as_slice().as_ptr() would be UB to use for access into the uninitialized region.

Co-authored-by: Ben Kimock <kimockb@gmail.com>
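The provenance point made in the commit message above, as an added example that is not part of the commit or of heapless itself. `TinyVec`, its fields and its methods are hypothetical stand-ins for a fixed-capacity vector whose `Deref` target covers only the initialized prefix.

```rust
use std::mem::MaybeUninit;
use std::ops::{Deref, DerefMut};

/// Hypothetical fixed-capacity vector (illustration only, not heapless's Vec).
pub struct TinyVec<const N: usize> {
    len: usize,
    buf: [MaybeUninit<u32>; N],
}

impl<const N: usize> TinyVec<N> {
    pub fn new() -> Self {
        Self { len: 0, buf: [MaybeUninit::uninit(); N] }
    }
    /// Inherent method: shadows `<[u32]>::as_mut_ptr` reached through DerefMut.
    /// The pointer is derived from the whole backing array, so it is valid 0..N.
    pub fn as_mut_ptr(&mut self) -> *mut u32 {
        self.buf.as_mut_ptr() as *mut u32
    }
    /// Writes the slot just past the initialized region, then grows `len`.
    pub fn push(&mut self, v: u32) -> Result<(), u32> {
        if self.len == N {
            return Err(v);
        }
        // In bounds of the array (len < N) but outside the initialized slice.
        // `self.deref_mut().as_mut_ptr().add(self.len)` has the same address,
        // yet its provenance covers only `len` elements, so writing via it is UB.
        unsafe { self.as_mut_ptr().add(self.len).write(v) };
        self.len += 1;
        Ok(())
    }
}

impl<const N: usize> Deref for TinyVec<N> {
    type Target = [u32];
    fn deref(&self) -> &[u32] {
        // The reference spans only the initialized prefix.
        unsafe { std::slice::from_raw_parts(self.buf.as_ptr() as *const u32, self.len) }
    }
}

impl<const N: usize> DerefMut for TinyVec<N> {
    fn deref_mut(&mut self) -> &mut [u32] {
        unsafe { std::slice::from_raw_parts_mut(self.buf.as_mut_ptr() as *mut u32, self.len) }
    }
}

fn main() {
    let mut v = TinyVec::<4>::new();
    v.push(7).unwrap();
    assert_eq!(&*v, &[7u32][..]);
}
```

Removing the inherent `as_mut_ptr` leaves `push` compiling unchanged, because the call then resolves through `DerefMut` to the slice method; that silent fallback is why the shadowing matters.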
heapless
static friendly data structures that don't require dynamic memory allocation
Documentation
Change log
Tests
# run all
cargo test --features 'serde','x86-sync-pool'
# run only for example histbuf tests
cargo test histbuf --features 'serde','x86-sync-pool'
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.