Transmuting `&mut MaybeUninit::zeroed()` to `&mut [u8]` is unsound #2319
kupiakos added a commit to kupiakos/zerocopy that referenced this issue (Feb 7, 2025)
kupiakos added a commit to kupiakos/zerocopy that referenced this issue (Feb 7, 2025)
See google#2319. Backport of google#2320.
kupiakos added a commit to kupiakos/zerocopy that referenced this issue (Feb 8, 2025)
See google#2319. Includes a Miri test confirming the previous unsoundness.
kupiakos added a commit to kupiakos/zerocopy that referenced this issue (Feb 8, 2025)
See google#2319. Backport of google#2320. Includes a Miri test confirming the previous unsoundness.
kupiakos added a commit to kupiakos/zerocopy that referenced this issue (Feb 17, 2025)
See google#2319. Includes a Miri test confirming the previous unsoundness.
joshlf pushed a commit to kupiakos/zerocopy that referenced this issue (Feb 19, 2025)
See google#2319. Includes a Miri test confirming the previous unsoundness. gherrit-pr-id: Iede94c196c710c74d970c93935f1539e07446e50
google-pr-creation-bot pushed a commit to google-pr-creation-bot/zerocopy that referenced this issue (Feb 19, 2025)
See google#2319. Includes a Miri test confirming the previous unsoundness. gherrit-pr-id: Iede94c196c710c74d970c93935f1539e07446e50
github-merge-queue bot pushed a commit that referenced this issue (Feb 19, 2025)
See #2319. Includes a Miri test confirming the previous unsoundness. gherrit-pr-id: Iede94c196c710c74d970c93935f1539e07446e50
github-merge-queue bot pushed a commit that referenced this issue (Feb 19, 2025)
See #2319. Includes a Miri test confirming the previous unsoundness. gherrit-pr-id: Iede94c196c710c74d970c93935f1539e07446e50 Co-authored-by: Alyssa Haroldsen <[email protected]>
These days, `MaybeUninit::zeroed` is pretty clear that you cannot expect all padding bytes to be zero in the output value (same for `mem::zeroed`). Zerocopy mentions this, but it doesn't seem fully internalized by the library:

- `FromZeros::zero` contradicts this, stating that it's similar to `*self = Self::new_zeroed()` and that the difference is it doesn't semantically drop anything. This isn't the only difference! `zero` is capable of fully zeroing all of the bytes of an object until it is moved into, while `*self = Self::new_zeroed()` doesn't guarantee you can then soundly access as a byte slice unless that `Self: IntoBytes`.
- `FromZeros::new_zeroed` doesn't mention the same caveat as `MaybeUninit::zeroed` at all even though it applies.
- `FromBytes::read_from_io` is unsound, since there may still be padding bytes for `!IntoBytes` types from `new_zeroed`. It should be constructing a `MaybeUninit::uninit()` then zeroing its bytes before casting to `&mut [u8]`.

I'll send a PR fixing the unsoundness issue. I'm also interested in improving the documentation to be more consistent and to provide clear working alternatives to documented unsound operations.
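The pattern the issue recommends (start from `MaybeUninit::uninit()`, zero the bytes in place, then view them as `&mut [u8]`), as an added example that is not zerocopy's own code. The `AnyBytes` trait (a hypothetical stand-in for `FromBytes`), the `Padded` struct, `read_zeroed_in_place` and the input bytes are assumptions constructed for illustration.

```rust
use std::io::{self, Read};
use std::mem::{size_of, MaybeUninit};

/// Hypothetical stand-in for zerocopy's `FromBytes`: every fully initialized
/// byte pattern is a valid `Self`. Not the crate's real trait.
unsafe trait AnyBytes: Sized {}

/// Constructed sample type: 3 padding bytes sit between `tag` and `value`.
#[repr(C)]
#[derive(Debug, PartialEq)]
struct Padded {
    tag: u8,
    value: u32,
}
unsafe impl AnyBytes for Padded {}

fn read_zeroed_in_place<T: AnyBytes, R: Read>(mut src: R) -> io::Result<T> {
    // Form the issue calls unsound: `let mut buf = MaybeUninit::<T>::zeroed();`
    // The value is returned by move, so padding bytes need not stay zeroed,
    // and exposing them through `&mut [u8]` would expose uninitialized memory.
    let mut buf = MaybeUninit::<T>::uninit();
    // Zero every byte in place, padding included; `buf` is not moved afterwards.
    // SAFETY: `buf` is valid for writes of exactly one `T`.
    unsafe { buf.as_mut_ptr().write_bytes(0u8, 1) };
    // SAFETY: all `size_of::<T>()` bytes are initialized, and `buf` is
    // exclusively borrowed for as long as `bytes` is alive.
    let bytes = unsafe {
        std::slice::from_raw_parts_mut(buf.as_mut_ptr().cast::<u8>(), size_of::<T>())
    };
    src.read_exact(bytes)?;
    // SAFETY: `T: AnyBytes`, so any initialized byte pattern is a valid `T`.
    Ok(unsafe { buf.assume_init() })
}

fn main() {
    // Constructed input: tag, three bytes that land in padding, then the u32.
    let input = [7u8, 0xAA, 0xBB, 0xCC, 1, 0, 0, 0];
    let p: Padded = read_zeroed_in_place(&input[..]).unwrap();
    assert_eq!(p, Padded { tag: 7, value: u32::from_ne_bytes([1, 0, 0, 0]) });
}
```

Running the function under Miri is the way to confirm that no uninitialized byte is reachable through the slice.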