Possible UB since preadv accepts &[IoVec<&mut [u8]>] #1371
Comments
|
Came here to file the same issue for The language docs on interior mutability seem pretty clear that the current implementation is UB. https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#interior-mutability |
|
Example in the Rust playground that (I think) implements the same behavior as these methods. It works with |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Rust, attempting to obtain a mutable reference from an immutable reference is immediately Undefined Behavior, unless UnsafeCell is used, which includes mutable references behind immutable references (
&&mut [u8], or in this case&[IoVec<&mut [u8]>]). This has also been extended to regular pointers, that originate from stack variables or regular references, now that Stacked Borrows is about to get integrated into the compiler. While the Rust compiler may not be ever able to detect UB within preadv, as syscalls are opaque and could have other side-effects, it could theoretically optimize subsequent code under the assumption that the iovec is aliased, and hence cannot allow its data to be mutated for the lifetime of the system call. Not only that, but this behavior could also change arbitrarily in future compiler versions.What I suggest we do to fix this potential issue, is to revert the function signature in
preadv(changed in #914) to take&mut [IoVec<&mut [u8]>], which is somethinglibstdalready does, as well as the regularreadvcall insys::uio. Additionally, we will need to change the implementations ofreadvandpreadvto takeas_mut_ptrrather thanas_ptr, since Rust allows no mutation from any pointer coming fromas_ptr(which borrows &self immutably).The text was updated successfully, but these errors were encountered: