
Built-in indexing doesn't ensure bounds checks stay valid #65909


Closed
matthewjasper opened this issue Oct 28, 2019 · 0 comments · Fixed by #65608
Labels:
- A-MIR: Area: Mid-level IR (MIR) - https://blog.rust-lang.org/2016/04/19/MIR.html
- C-bug: Category: This is a bug.
- I-unsound: Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness
- T-compiler: Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@matthewjasper (Contributor) wrote:

For example, the bounds check for x[1] in the following code is invalidated by the assignment in the next indexer.

```rust
fn modify_after_assert_slice_array(x: &[&[i32; 3]]) -> i32 {
    let mut x = x;
    let z = [1, 2, 3];
    let y = &[&z];
    // 1. checks `x[1]` is not out of bounds - OK `x.len() = 2`.
    // 2. modifies `x` so that `x == y`. Now `x.len() == 1`
    // 3. tries to read `x[1][2]` which is now out of bounds.
    x[1][{ x = y; 2 }]
}
fn main() {
    println!("{}", modify_after_assert_slice_array(&[&[4, 5, 6], &[9, 10, 11]]));
}
```
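For contrast, here is an added example (not part of the issue report or the rustc fix) that rewrites the same lookup so the side-effecting index expression is evaluated into a local before `x[1]` is formed; the bounds check then sees the reassigned `x` and fails safely with an ordinary index-out-of-bounds panic instead of an unchecked read. The function names `modify_before_index`, `run_checked` and `lookup_after_modify` are the example's own.

```rust
use std::panic;

// Same setup as the reproducer above, but the assignment to `x` is sequenced
// before the outer index, so the check for `x[1]` is made against the new length.
fn modify_before_index(x: &[&[i32; 3]]) -> i32 {
    let mut x = x;
    let z = [1, 2, 3];
    let y: &[&[i32; 3]] = &[&z];
    // Evaluate the side-effecting index expression first (hypothetical rewrite).
    let i = { x = y; 2 };
    // `x.len()` is now 1, so `x[1]` is checked and panics here rather than reading
    // past the end of the new slice.
    x[1][i]
}

// Runs the lookup and reports a bounds-check panic as `Err(())`, so the expected
// failure mode can be observed without aborting the caller.
fn run_checked(x: &[&[i32; 3]]) -> Result<i32, ()> {
    panic::catch_unwind(move || modify_before_index(x)).map_err(|_| ())
}

// Non-panicking variant: `get` makes the ordering explicit and returns `None`
// when either index is out of range after the reassignment.
fn lookup_after_modify(x: &[&[i32; 3]]) -> Option<i32> {
    let mut x = x;
    let z = [1, 2, 3];
    let y: &[&[i32; 3]] = &[&z];
    let i = { x = y; 2 };
    x.get(1).and_then(|row| row.get(i)).copied()
}

fn main() {
    // Constructed input matching the issue's reproducer.
    let input: &[&[i32; 3]] = &[&[4, 5, 6], &[9, 10, 11]];
    println!("{:?}", run_checked(input));       // Err(()): bounds check fired
    println!("{:?}", lookup_after_modify(input)); // None
}
```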
@matthewjasper matthewjasper added A-MIR Area: Mid-level IR (MIR) - https://blog.rust-lang.org/2016/04/19/MIR.html I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness labels Oct 28, 2019
@matthewjasper matthewjasper self-assigned this Oct 28, 2019
@jonas-schievink jonas-schievink added C-bug Category: This is a bug. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Oct 28, 2019
@bors bors closed this as completed in 4f03f4a Nov 12, 2019