Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address new nightly unsafe precondition check panics #2841

Merged
merged 2 commits into from
Feb 12, 2024
Merged

Address new nightly unsafe precondition check panics #2841

merged 2 commits into from
Feb 12, 2024

Conversation

riverar
Copy link
Collaborator

@riverar riverar commented Feb 11, 2024
edited
Loading

Passing size=0, ptr=0 into std::slice::from_raw_parts is undefined behavior and is no longer safe to rely upon. Also addresses an unaligned pointer used by Event.

See also:
rust-lang/rust#120902
rust-lang/rust#120594

@ChrisDenton
Copy link
Collaborator

ChrisDenton commented Feb 11, 2024
edited
Loading

Thank you for looking into this. It seems there's still one more failure:

thread 'add_remove' panicked at library\core\src\panicking.rs:155:5:
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX`
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread caused non-unwinding panic. aborting.
error: test failed, to rerun pass `-p test_event --test tests`

Which indirectly points to

windows-rs/crates/libs/core/src/event.rs

Lines 161 to 167 in 40f671b

fn as_slice(&self) -> &[Delegate<T>] {
if self.is_empty() {
&[]
} else {
unsafe { std::slice::from_raw_parts((*self.buffer).as_ptr(), self.len) }
}
}

But that looks totally fine on its own. The empty case is checked and I very strongly doubt the size exceeds isize::MAX. Which just leaves alignment of the buffer.

So looking at Buffer::new:

windows-rs/crates/libs/core/src/event.rs

Lines 205 to 216 in 40f671b

fn new(len: usize) -> Result<*mut Self> {
if len == 0 {
Ok(std::ptr::null_mut())
} else {
let alloc_size = std::mem::size_of::<Self>() + len * std::mem::size_of::<Delegate<T>>();
let header = crate::imp::heap_alloc(alloc_size)? as *mut Self;
unsafe {
header.write(Self(crate::imp::RefCount::new(1), std::marker::PhantomData));
}
Ok(header)
}
}

It uses HeapAlloc, which aligns to 16 (or 8 on 32-bit) but then it writes a header which, is essentially an AtomicI32. Meaning the data itself is only 4 byte aligned.

Quick fix here would be to add an #[repr(align(8))] to Buffer to add padding to the header. Something a bit more involved would be to fully account for the type's alignment when determining the offset of the buffer's data.

@kennykerr
Copy link
Collaborator

Thanks all. #[repr(align(8))] should do the trick for Event.

@riverar riverar changed the title Quick return if FormatMessage fails Address new nightly unsafe precondition check panics Feb 12, 2024
kennykerr
kennykerr approved these changes Feb 12, 2024
View reviewed changes
Copy link
Collaborator

@kennykerr kennykerr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@riverar riverar merged commit 71dcb5f into master Feb 12, 2024
65 checks passed
@riverar riverar deleted the rafael/slice-nightly branch February 12, 2024 17:03
@kennykerr
Copy link
Collaborator

I'll probably publish an update to crates.io soon to avoid dependents having issues with nightly.

@kennykerr
Copy link
Collaborator

But we should probably get the feature doc search feature integrated before then. Let me know if there's anything else top of mind.

@tim-weis tim-weis mentioned this pull request Feb 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kennykerr kennykerr kennykerr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@riverar @ChrisDenton @kennykerr