Unsoundness in to_bytes #5

lwz23 · 2024-12-04T14:40:49Z

Hello, I think there is a unsoundness problem in the following code.

pub fn to_bytes<T>(t: &T) -> &[u8] {
    unsafe {
        let len = core::intrinsics::size_of_val(t);
        let ptr: *const u8 = core::intrinsics::transmute(t);
        core::slice::from_raw_parts(ptr, len)
    }
}

The text was updated successfully, but these errors were encountered:

lwz23 · 2024-12-05T07:22:57Z

here is my Poc:

#![feature(core_intrinsics)]
use core::intrinsics::size_of_val;
pub fn to_bytes<T>(t: &T) -> &[u8] {
    unsafe {
        let len = core::intrinsics::size_of_val(t);
        let ptr: *const u8 = core::intrinsics::transmute(t);
        core::slice::from_raw_parts(ptr, len)
    }
}

fn main() {
    #[repr(C)]
    struct MyStruct<'a> {
        a: u8,
        b: &'a u32,
    }

    let value = 42;
    let my_struct = MyStruct {
        a: 1,
        b: &value,
    };

    let bytes = to_bytes(&my_struct);
    println!("{:?}", bytes);
}

Result

PS E:\Github\lwz> cargo +nightly miri run
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.00s
     Running `C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\bin\cargo-miri.exe runner target\miri\x86_64-pc-windows-msvc\debug\lwz.exe`
warning: the feature `core_intrinsics` is internal to the compiler or standard library
 --> src\main.rs:2:12
  |
2 | #![feature(core_intrinsics)]
  |            ^^^^^^^^^^^^^^^
  |
  = note: using it is strongly discouraged
  = note: `#[warn(internal_features)]` on by default

warning: unused import: `core::intrinsics::size_of_val`
 --> src\main.rs:3:5
  |
3 | use core::intrinsics::size_of_val;
  |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  |
  = note: `#[warn(unused_imports)]` on by default

error: Undefined Behavior: using uninitialized data, but this operation requires initialized memory
   --> C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\num.rs:519:5
    |
519 | /     impl_Display!(
520 | |         i8, u8,
521 | |         i16, u16,
522 | |         i32, u32,
...   |
525 | |         ; as u64 via to_u64 named fmt_u64
526 | |     );
    | |_____^ using uninitialized data, but this operation requires initialized memory
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
    = note: inside `core::fmt::num::imp::<impl std::fmt::Display for u8>::fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\num.rs:210:21: 210:25
    = note: inside `core::fmt::num::<impl std::fmt::Debug for u8>::fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\num.rs:186:25: 186:51
    = note: inside `<&u8 as std::fmt::Debug>::fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\mod.rs:2393:62: 2393:82
    = note: inside closure at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\builders.rs:741:35: 741:47
    = note: inside closure at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\builders.rs:474:17: 474:36
    = note: inside `std::result::Result::<(), std::fmt::Error>::and_then::<(), {closure@core::fmt::builders::DebugInner<'_, '_>::entry_with<{closure@std::fmt::DebugList<'_, '_>::entry::{closure#0}}>::{closure#0}}>` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\result.rs:1348:22: 1348:27
    = note: inside `core::fmt::builders::DebugInner::<'_, '_>::entry_with::<{closure@std::fmt::DebugList<'_, '_>::entry::{closure#0}}>` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\builders.rs:460:23: 476:11
    = note: inside `std::fmt::DebugList::<'_, '_>::entry` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\builders.rs:741:9: 741:48
    = note: inside `std::fmt::DebugList::<'_, '_>::entries::<&u8, std::slice::Iter<'_, u8>>` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\builders.rs:788:13: 788:31
    = note: inside `<[u8] as std::fmt::Debug>::fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\mod.rs:2644:9: 2644:44
    = note: inside `<&[u8] as std::fmt::Debug>::fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\mod.rs:2393:62: 2393:82
    = note: inside `core::fmt::rt::Argument::<'_>::fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\rt.rs:177:76: 177:95
    = note: inside `std::fmt::write` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\core\src\fmt\mod.rs:1189:21: 1189:44
    = note: inside `<std::io::StdoutLock<'_> as std::io::Write>::write_fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\io\mod.rs:1884:15: 1884:43
    = note: inside `<&std::io::Stdout as std::io::Write>::write_fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\io\stdio.rs:792:9: 792:36
    = note: inside `<std::io::Stdout as std::io::Write>::write_fmt` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\io\stdio.rs:766:9: 766:33
    = note: inside `std::io::stdio::print_to::<std::io::Stdout>` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\io\stdio.rs:1122:21: 1122:47
    = note: inside `std::io::_print` at C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\io\stdio.rs:1232:5: 1232:37
note: inside `main`
   --> src\main.rs:28:5
    |
28  |     println!("{:?}", bytes);
    |     ^^^^^^^^^^^^^^^^^^^^^^^
    = note: this error originates in the macro `impl_Display` which comes from the expansion of the macro `println` (in Nightly builds, run with -Z macro-backtrace for more info)    

note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace

error: aborting due to 1 previous error; 2 warnings emitted

error: process didn't exit successfully: `C:\Users\ROG\.rustup\toolchains\nightly-x86_64-pc-windows-msvc\bin\cargo-miri.exe runner target\miri\x86_64-pc-windows-msvc\debug\lwz.exe` (exit code: 1)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unsoundness in to_bytes #5

Unsoundness in to_bytes #5

lwz23 commented Dec 4, 2024

lwz23 commented Dec 5, 2024

Unsoundness in to_bytes #5

Unsoundness in to_bytes #5

Comments

lwz23 commented Dec 4, 2024

lwz23 commented Dec 5, 2024