report unsound issue in bcc #2042
```rust
fn null_or_mut_ptr<T>(s: &mut Vec<u8>) -> *mut T {
    if s.capacity() == 0 {
        ptr::null_mut()
    } else {
        s.as_mut_ptr() as *mut T
    }
}
```
This is a safe function containing safe code. I do not see any credible way this could be unsound.
Hi, I think this safe function contains unsafe code, which is the raw pointer. And conversion between raw pointers is unsound since it bypasses the Rust safety guarantee. It can create a misaligned pointer. For example, by calling this function, we can construct this example. Besides, the generic T can be any other possible type. The u8 type can be cast into any other type, not just this case.

```rust
fn main() {
    let mut vec = vec![1u8];
    let ptr = null_or_mut_ptr::<u64>(&mut vec);
    unsafe {
        let value: u64 = *ptr;
    }
}
```
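For reference, an added example that is not part of this thread or of rust-bcc: the two conditions (length and alignment) that must hold before a `*const T` derived from a byte buffer can be dereferenced, next to a bounds-checked read that needs no `unsafe`. The names `CastError`, `check_cast` and `read_u64` are hypothetical, and the buffers are constructed sample input.

```rust
use std::mem::{align_of, size_of};

/// Reasons a `*const T` derived from a byte buffer must not be dereferenced.
#[derive(Debug, PartialEq)]
enum CastError {
    TooShort { need: usize, have: usize },
    Misaligned { addr: usize, align: usize },
}

/// Hypothetical checked cast: creating the pointer is safe either way, but a
/// caller has to establish both conditions before reading a `T` through it.
fn check_cast<T>(buf: &[u8]) -> Result<*const T, CastError> {
    if buf.len() < size_of::<T>() {
        return Err(CastError::TooShort { need: size_of::<T>(), have: buf.len() });
    }
    let addr = buf.as_ptr() as usize;
    if addr % align_of::<T>() != 0 {
        return Err(CastError::Misaligned { addr, align: align_of::<T>() });
    }
    Ok(buf.as_ptr() as *const T)
}

/// Safe alternative to `*ptr` for `u64`: bounds-checked copy, no alignment
/// requirement, no `unsafe`.
fn read_u64(buf: &[u8]) -> Option<u64> {
    let mut bytes = [0u8; 8];
    bytes.copy_from_slice(buf.get(..8)?);
    Some(u64::from_ne_bytes(bytes))
}

fn main() {
    // Constructed input: the one-byte vector from the comment above.
    let small = vec![1u8];
    println!("{:?}", check_cast::<u64>(&small));
    println!("{:?}", read_u64(&small));

    // Constructed input: 32 bytes, sliced one byte past an 8-byte boundary
    // so that the start address is misaligned for u64.
    let v = vec![0xABu8; 32];
    let off = (8 - (v.as_ptr() as usize) % 8) % 8;
    println!("{:?}", check_cast::<u64>(&v[off + 1..]));
    println!("{:?}", read_u64(&v[off + 1..]));
}
```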
Your example, while indeed incorrect Rust, does not discredit As far as I can tell Not involving a generic i.e. using
Hi, thanks for your detailed and reasonable reply! I agree with your comment, and the unsafe consequence would depend on how the users use the code. Based on your description, can I switch to apply for an ID under the unmaintained category? Seems like this repo still needs further maintenance while doesn't.
For more information, see: rust-bcc/issues/200
In the meantime, bcc will no longer be maintained. Users are encouraged to migrate to libbpf-rs.