fix vec::IntoIter::drop on high-alignment ZST #106084

Merged (2 commits) Dec 24, 2022
Conversation

RalfJung (Member)

This fixes a soundness bug: IntoIter would call drop_in_place on an insufficiently aligned pointer. So if a ZST with alignment greater 1 had drop glue, that would be called with an unaligned reference. Since #103957, Miri checks alignment even if the type does not have drop glue, which is how this bug was found.

r? @thomcc

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Dec 23, 2022
@rustbot (Collaborator)

rustbot commented Dec 23, 2022

The Miri subtree was changed

cc @rust-lang/miri

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

  • Stabilizing library features
  • Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
  • Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
  • Changing public documentation in ways that create new stability guarantees
  • Changing observable runtime behavior of library APIs

```rust
self.ptr = self.end;
// For th ZST case, it is crucial that we mutate `end` here, not `ptr`.
// `ptr` must stay aligned, while `end` may be unaligned.
self.end = self.ptr;
```
Member Author

FWIW I don't think we have a test for this (with a ZST that needs alignment)

Member

Wouldn't it be better to add the tests to std instead of the miri testsuite then?

Member

I'm not sure how this test would be written in std in a way that would actually test the behavior except under miri.

Member

Maybe by adding an unsafe precondition debug assert to drop_in_place?

Member

I would not be opposed to that, but I don't think it needs to be done in this PR.

```rust
// which is valid for ZSTs.
self.ptr = self.ptr.wrapping_byte_add(step_size);
// See `next` for why we sub `end` here.
self.end = self.end.wrapping_byte_sub(step_size);
```
Member Author

FWIW I don't think we have a test for this (with a ZST that needs alignment)

@thomcc (Member)

thomcc commented Dec 23, 2022

Subtle, nice catch.

@bors r+ rollup
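To make the soundness bug from the PR description and the "no test for a ZST that needs alignment" review thread concrete, here is an added example (not code from the PR or from std): a constructed `#[repr(align(8))]` ZST with drop glue, a toy model of `IntoIter`'s `ptr`/`end` pair showing why moving `ptr` onto `end` yields an unaligned pointer while the fix (moving `end` onto `ptr`) does not, and a safe-Rust exercise of the real `Vec::into_iter` path whose `Drop` impl asserts alignment. The `ZstIter` type, its method names and `compare`/`std_partial_drop` are this example's own, not std's.

```rust
use std::{mem::align_of, ptr::NonNull};

/// Constructed ZST with alignment 8 and drop glue (not a type from the PR).
#[repr(align(8))]
pub struct Aligned8;

impl Drop for Aligned8 {
    fn drop(&mut self) {
        // drop_in_place hands us its pointer as `&mut self`; it must be aligned.
        assert_eq!(self as *mut Self as usize % align_of::<Self>(), 0);
    }
}

/// Toy model of vec::IntoIter's `ptr`/`end` pair for a ZST element type.
pub struct ZstIter { ptr: *const Aligned8, end: *const Aligned8 }

impl ZstIter {
    pub fn new(len: usize) -> Self {
        // A Vec of ZSTs holds an aligned dangling pointer; `end - ptr` encodes the length.
        let ptr = NonNull::<Aligned8>::dangling().as_ptr() as *const Aligned8;
        ZstIter { ptr, end: (ptr as *const u8).wrapping_add(len) as *const Aligned8 }
    }
    /// `next` for ZSTs: shrink from `end` so that `ptr` stays aligned.
    pub fn next(&mut self) -> bool {
        if self.ptr == self.end { return false; }
        self.end = (self.end as *const u8).wrapping_sub(1) as *const Aligned8;
        true
    }
    /// Pre-fix: `ptr` is moved onto the possibly unaligned `end`.
    pub fn forget_remaining_buggy(&mut self) { self.ptr = self.end; }
    /// The PR's fix: `end` is moved onto the still-aligned `ptr`.
    pub fn forget_remaining_fixed(&mut self) { self.end = self.ptr; }
    pub fn ptr_is_aligned(&self) -> bool { self.ptr as usize % align_of::<Aligned8>() == 0 }
}

/// Consume `consumed` of `len` elements, forget the rest both ways, and report
/// whether `ptr` (what drop_in_place would receive) is still aligned: (buggy, fixed).
pub fn compare(len: usize, consumed: usize) -> (bool, bool) {
    let (mut a, mut b) = (ZstIter::new(len), ZstIter::new(len));
    for _ in 0..consumed { a.next(); b.next(); }
    a.forget_remaining_buggy();
    b.forget_remaining_fixed();
    (a.ptr_is_aligned(), b.ptr_is_aligned())
}

/// Real std path, like the follow-up lib tests: partially consume a Vec<Aligned8>
/// IntoIter, then drop it so std runs Drop::drop above on every remaining element.
pub fn std_partial_drop(len: usize, consumed: usize) -> usize {
    let mut it = (0..len).map(|_| Aligned8).collect::<Vec<_>>().into_iter();
    let mut n = 0;
    while n < consumed && it.next().is_some() { n += 1; }
    drop(it);
    n
}
```

Under Miri, `std_partial_drop` on a pre-fix std would report the unaligned `drop_in_place`; on a fixed std it runs clean, and the `Drop` assertion catches the same condition without Miri.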

@bors (Contributor)

bors commented Dec 23, 2022

📌 Commit a48d2e1 has been approved by thomcc

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Dec 23, 2022
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Dec 23, 2022
fix vec::IntoIter::drop on high-alignment ZST

This fixes a soundness bug: IntoIter would call `drop_in_place` on an insufficiently aligned pointer. So if a ZST with alignment greater 1 had drop glue, that would be called with an unaligned reference. Since rust-lang#103957, Miri checks alignment even if the type does not have drop glue, which is how this bug was found.

r? `@thomcc`
bors added a commit to rust-lang-ci/rust that referenced this pull request Dec 24, 2022
…iaskrgr

Rollup of 7 pull requests

Successful merges:

 - rust-lang#105970 (docs/test: add UI test and long-form error docs for E0462)
 - rust-lang#105975 (rustc: Remove needless lifetimes)
 - rust-lang#106069 (rustdoc: use a more evocative name for CSS/JS `#titles`)
 - rust-lang#106084 (fix vec::IntoIter::drop on high-alignment ZST)
 - rust-lang#106091 (Use correct CSS pseudo-element selector)
 - rust-lang#106093 (rustdoc: remove no-op CSS from `.docblock-short`)
 - rust-lang#106102 (Fix `triagebot.toml`)

Failed merges:

 - rust-lang#106028 (docs/test: add UI test and long-form error docs for `E0461`)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit 61fadf8 into rust-lang:master Dec 24, 2022
@rustbot rustbot added this to the 1.68.0 milestone Dec 24, 2022
@RalfJung (Member Author)

RalfJung commented Dec 24, 2022 via email

@RalfJung RalfJung deleted the into-iter branch December 24, 2022 08:02
bors added a commit to rust-lang-ci/rust that referenced this pull request Dec 25, 2022
add lib tests for vec::IntoIter alignment issues

This adds non-Miri tests for the issue fixed in rust-lang#106084

r? `@thomcc`
Aaron1011 pushed a commit to Aaron1011/rust that referenced this pull request Jan 6, 2023
fix vec::IntoIter::drop on high-alignment ZST
Aaron1011 pushed a commit to Aaron1011/rust that referenced this pull request Jan 6, 2023
…iaskrgr

Rollup of 7 pull requests
thomcc pushed a commit to tcdi/postgrestd that referenced this pull request May 31, 2023
add lib tests for vec::IntoIter alignment issues

This adds non-Miri tests for the issue fixed in rust-lang/rust#106084

r? `@thomcc`