Unsound usages of unsafe implementation from `buf` to `$t` about rsdns HOT 5 CLOSED

@llooFlashooll

Thanks for reporting this!

I am not completely understanding the possible UB scenario.

The r_be macro (and its counterparts) are private to the bytes package and are used only in the implementation of Cursor which defines the buffer as buf: &'a [u8].

This line ensures that the number of bytes in the buffer is sufficient to read type $t
if $self.len() >= std::mem::size_of::<$t>().

And this line reads the pointer unaligned let v = unsafe { ptr.read_unaligned() };.

The macro is used to read u16, u32 and u128. The size of these types is indeed larger than u8. However, given that the pointer is explicitly read unaligned, where is the misalignment issue that you mention?

Can you elaborate on the possible misalignment? or undefined behavior?

from rsdns.

@llooFlashooll

Did you mean that the line let ptr = buf.as_ptr() as *const $t; creates a temporary unaligned reference of type &t, which is the UB?
If yes, can you point me to the relevant documentation? Cause the documentation [1] of as_ptr doesn't mention that. The examples of "On packed structs" in [2] do not involve calling as_ptr.

[1] https://doc.rust-lang.org/std/primitive.slice.html#method.as_ptr
[2] https://doc.rust-lang.org/std/ptr/fn.read_unaligned.html#on-packed-structs

from rsdns.

Thanks for your kind and detailed response! I just woke up due to the jet lag. I understand now! I believe the ptr is created as a temporary unaligned reference of type &t. Since the read_unaligned() is used, there won't be more issues. Nevertheless, the value being read may output meaningless data.

from rsdns.

@llooFlashooll

ptr is created as a temporary unaligned Pointer, not Reference (correct me if I am wrong here). If it was an unaligned Reference it would be UB. According to documentation that you have included above [1] creation of an unaligned Pointer itself isn't a UB. This together with read_unaligned ensures no UB.

You are right, the value being read may output meaningless data. However, this is not related to using unsafe Rust or using a misaligned pointer. For example, you can read meaningless data from a file on disk even in a program written in completely safe Rust #![forbid(unsafe_code)].

[1] https://doc.rust-lang.org/reference/behavior-considered-undefined.html#places-based-on-misaligned-pointers

from rsdns.

Yes. ptr is a temporary pointer. Then I think read_unaligned can be used to mitigate the UB. Thanks for your kind and detailed discussion!

from rsdns.