Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Soundness hole in Ptr::read_unaligned #1892

Open
joshlf opened this issue Oct 12, 2024 · 0 comments
Open

Soundness hole in Ptr::read_unaligned #1892

joshlf opened this issue Oct 12, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@joshlf
Copy link
Member

joshlf commented Oct 12, 2024

From what I can tell, it's not exercised anywhere in the codebase.

Ptr::read_unaligned permits reading from a shared pointer through UnsafeCells:

zerocopy/src/pointer/mod.rs

Lines 35 to 53 in 7349fe0

impl<'a, T, Aliasing, Alignment> MaybeAligned<'a, T, Aliasing, Alignment>
where
T: 'a + ?Sized,
Aliasing: invariant::Aliasing + invariant::AtLeast<invariant::Shared>,
Alignment: invariant::Alignment,
{
/// Reads the value from `MaybeAligned`.
#[must_use]
#[inline]
pub fn read_unaligned(self) -> T
where
T: Copy,
{
let raw = self.as_non_null().as_ptr();
// SAFETY: By invariant on `MaybeAligned`, `raw` contains
// validly-initialized data for `T`. The value is safe to read and
// return, because `T` is copy.
unsafe { core::ptr::read_unaligned(raw) }
}

We should either add an Immutable bound or an AliasingSafe bound.
@joshlf joshlf added the bug Something isn't working label Oct 12, 2024
joshlf added a commit that referenced this issue Oct 12, 2024
@joshlf
[pointer] Add separate PtrInner
834edc6 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
@joshlf joshlf mentioned this issue Oct 12, 2024
Merged
joshlf added a commit that referenced this issue Oct 12, 2024
@joshlf
[pointer] Add separate PtrInner
403a13c 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
joshlf added a commit that referenced this issue Oct 12, 2024
@joshlf
[pointer] Fix soundness hole in read_unaligned
ab1b95f 
Makes progress on #1892
@joshlf joshlf mentioned this issue Oct 12, 2024
Merged
joshlf added a commit that referenced this issue Oct 12, 2024
@joshlf
[pointer] Add separate PtrInner
4a51127 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
joshlf added a commit that referenced this issue Oct 12, 2024
@joshlf
[pointer] Fix soundness hole in read_unaligned
c09c35f 
Makes progress on #1892
joshlf added a commit that referenced this issue Oct 12, 2024
@joshlf
[pointer] Add separate PtrInner
d439158 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
joshlf added a commit that referenced this issue Oct 12, 2024
@joshlf
[pointer] Add separate PtrInner
5879a7e 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
joshlf added a commit that referenced this issue Oct 13, 2024
@joshlf
[pointer] Add separate PtrInner
47a4678 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
github-merge-queue bot pushed a commit that referenced this issue Oct 14, 2024
@joshlf
[pointer] Fix soundness hole in read_unaligned (#1893)
0405574 
Makes progress on #1892
joshlf added a commit that referenced this issue Oct 14, 2024
@joshlf
[pointer] Add separate PtrInner
782e615 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
joshlf added a commit that referenced this issue Oct 14, 2024
@joshlf
[pointer] Add separate PtrInner
869dc7c 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
joshlf added a commit that referenced this issue Oct 14, 2024
@joshlf
[pointer] Add separate PtrInner
1b205a0 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
joshlf added a commit that referenced this issue Oct 14, 2024
@joshlf
[pointer] Add separate PtrInner
620e6ce 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
github-merge-queue bot pushed a commit that referenced this issue Oct 14, 2024
@joshlf
[pointer] Add separate PtrInner (#1891)
b43c510 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@joshlf