Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aio_suspend passes invalid pointers to libc #1980

Closed
djkoloski opened this issue Jan 24, 2023 · 1 comment · Fixed by #2019
Closed

aio_suspend passes invalid pointers to libc #1980

djkoloski opened this issue Jan 24, 2023 · 1 comment · Fixed by #2019

Comments

@djkoloski
Copy link
Contributor

aio_suspend performs this cast on its argument:

pub fn aio_suspend(
    list: &[&dyn AsRef<libc::aiocb>],
    timeout: Option<TimeSpec>,
) -> Result<()> {
    let p = list as *const [&dyn AsRef<libc::aiocb>]
        as *const [*const libc::aiocb] as *const *const libc::aiocb;
    ...

Which is incorrect, as &dyn AsRef<libc::aiocb> is:

  1. A wide pointer with a vtable in its metadata.
  2. Not guaranteed that the data pointer is to a libc::aiocb (it may be a struct that contains a libc::aiocb somewhere).

This should either change the argument to be a slice of thin pointers (e.g. &[&libc::aiocb]) or dynamically allocate a new list and call as_ref() on each member of list.
@djkoloski
Copy link
Contributor Author

This also appears to be the case for lio_listio, which accepts &mut [Pin<&mut dyn AsMut<libc::aiocb>>] and performs a similar incorrect cast.

@asomers asomers mentioned this issue Apr 3, 2023
Open
@asomers asomers mentioned this issue Apr 3, 2023
Merged
bors bot added a commit that referenced this issue Aug 6, 2023
@bors @asomers
Merge #2019 #2087
ea14981 
2019: Fix aio_suspend in non-trivial cases r=asomers a=asomers

aio_suspend would probably fail with EFAULT if the first operation in the list wasn't complete, due to an invalid pointer cast.

Also, deprecate lio_listio, which has the same problem, and others besides.

Fixes #1980

2087: Fix Haiku build by updating tempfile to 3.7.1 r=asomers a=asomers

Stebalien/tempfile#246

Co-authored-by: Alan Somers <asomers@gmail.com>
@bors bors bot closed this as completed in 7baaccd Aug 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix aio_suspend in non-trivial cases asomers/nix
1 participant
@djkoloski