Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsound usage of Vec::from_raw_parts() #710

Open
shinmao opened this issue Dec 17, 2024 · 0 comments
Open

Unsound usage of Vec::from_raw_parts() #710

shinmao opened this issue Dec 17, 2024 · 0 comments

Comments

@shinmao
Copy link

shinmao commented Dec 17, 2024
edited
Loading

Hi, we consider that the usage of Vec::from_raw_parts() here is unsound

Fyrox/fyrox-core/src/visitor.rs

Lines 554 to 559 in 4724d98

*self.vec = unsafe {
Vec::from_raw_parts(
bytes.as_mut_ptr() as *mut T,
bytes.len() / std::mem::size_of::<T>(),
bytes.capacity() / std::mem::size_of::<T>(),
)

First, since bytes is aligned to 1 byte, misaligned pointer will be passed to from_raw_parts, which is similar to the issue here: #538 (comment)

Second, since the code is trying to casting a pointer of Vec to the pointer of inner type where the Vec has unstable layout.

In the comments, we found the explanation that BinaryBlob has less type safety and it accepts any type T that is Copy, and it lacks the type_id system. Is this method designed for purpose?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shinmao