itsscb/tokio
1
0
Fork 0
mirror of https://github.com/tokio-rs/tokio.git synced 2025-10-01 12:20:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

udp: document and shrink some unsafe blocks (#4655)

Browse Source 
This documents why it is safe to convert `bytes::UninitSlice` to `&mut
[MaybeUninit<u8>]`, and shrinks one of the unsafe blocks to make these
functions easier to audit.
This commit is contained in:
Erick Tryzelaar 2022-05-05 15:48:39 -04:00 committed by GitHub
parent 2a305d2423
commit c5ff797dcf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tokio-util/src/lib.rs
View File

@ -115,6 +115,9 @@ mod util {
let n = { let n = {
let dst = buf.chunk_mut(); let dst = buf.chunk_mut();
// Safety: `chunk_mut()` returns a `&mut UninitSlice`, and `UninitSlice` is a
// transparent wrapper around `[MaybeUninit<u8>]`.
let dst = unsafe { &mut *(dst as *mut _ as *mut [MaybeUninit<u8>]) }; let dst = unsafe { &mut *(dst as *mut _ as *mut [MaybeUninit<u8>]) };
let mut buf = ReadBuf::uninit(dst); let mut buf = ReadBuf::uninit(dst);
let ptr = buf.filled().as_ptr(); let ptr = buf.filled().as_ptr();

14
tokio-util/src/udp/frame.rs
View File

@ -81,17 +81,21 @@ where
} }
// We're out of data. Try and fetch more data to decode // We're out of data. Try and fetch more data to decode
let addr = unsafe { let addr = {
// Convert `&mut [MaybeUnit<u8>]` to `&mut [u8]` because we will be // Safety: `chunk_mut()` returns a `&mut UninitSlice`, and `UninitSlice` is a
// writing to it via `poll_recv_from` and therefore initializing the memory. // transparent wrapper around `[MaybeUninit<u8>]`.
let buf = &mut *(pin.rd.chunk_mut() as *mut _ as *mut [MaybeUninit<u8>]); let buf = unsafe { &mut *(pin.rd.chunk_mut() as *mut _ as *mut [MaybeUninit<u8>]) };
let mut read = ReadBuf::uninit(buf); let mut read = ReadBuf::uninit(buf);
let ptr = read.filled().as_ptr(); let ptr = read.filled().as_ptr();
let res = ready!(pin.socket.borrow().poll_recv_from(cx, &mut read)); let res = ready!(pin.socket.borrow().poll_recv_from(cx, &mut read));
assert_eq!(ptr, read.filled().as_ptr()); assert_eq!(ptr, read.filled().as_ptr());
let addr = res?; let addr = res?;
pin.rd.advance_mut(read.filled().len());
// Safety: This is guaranteed to be the number of initialized (and read) bytes due
// to the invariants provided by `ReadBuf::filled`.
unsafe { pin.rd.advance_mut(read.filled().len()) };
addr addr
}; };