Miri complains of OOB caused by pointer size mismatch #31

Closed
YoshikiTakashima opened this issue Sep 29, 2022 · 3 comments


YoshikiTakashima commented Sep 29, 2022

Hey! Thanks for a cool (and fast) library.

We run miri on dependencies, and I think there may be some memory issues as of 6da6d58. You can trigger this on a 64-bit Ubuntu machine with cargo miri test fixed_tests::tests::test_invalid_decode_size

$ cargo miri test fixed_tests::tests::test_invalid_decode_size
    Finished test [unoptimized + debuginfo] target(s) in 0.03s
     Running unittests src/lib.rs (target/miri/x86_64-unknown-linux-gnu/debug/deps/integer_encoding-784333d1193fd5df)

running 1 test
test fixed_tests::tests::test_invalid_decode_size - should panic ... error: Undefined Behavior: memory access failed: alloc160031 has size 6, so pointer to 8 bytes starting at offset 0 is out-of-bounds
    --> /home/ubuntu/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/intrinsics.rs:2450:9
     |
2450 |         copy_nonoverlapping(src, dst, count)
     |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ memory access failed: alloc160031 has size 6, so pointer to 8 bytes starting at offset 0 is out-of-bounds
     |
     = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
     = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
     = note: backtrace:
     = note: inside `std::intrinsics::copy_nonoverlapping::<u8>` at /home/ubuntu/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/intrinsics.rs:2450:9
     = note: inside `std::ptr::read_unaligned::<u64>` at /home/ubuntu/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:1199:9
     = note: inside `std::ptr::const_ptr::<impl *const u64>::read_unaligned` at /home/ubuntu/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/const_ptr.rs:1191:18
note: inside `<u64 as fixed::FixedInt>::decode_fixed` at src/fixed.rs:83:26
    --> src/fixed.rs:83:26
     |
83   |                 unsafe { (src.as_ptr() as *const $t).read_unaligned() }
     |                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
103  | impl_fixedint!(u64);
     | ------------------- in this macro invocation
note: inside `fixed_tests::tests::test_invalid_decode_size` at src/fixed_tests.rs:144:24
    --> src/fixed_tests.rs:144:24
     |
144  |         assert_eq!(33, u64::decode_fixed(&[1, 0, 0, 0, 0, 1]));
     |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: inside closure at src/fixed_tests.rs:143:5
    --> src/fixed_tests.rs:143:5
     |
142  |       #[test]
     |       ------- in this procedural macro expansion
143  | /     fn test_invalid_decode_size() {
144  | |         assert_eq!(33, u64::decode_fixed(&[1, 0, 0, 0, 0, 1]));
145  | |     }
     | |_____^
     = note: this error originates in the macro `impl_fixedint` (in Nightly builds, run with -Z macro-backtrace for more info)

note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace

error: aborting due to previous error

error: test failed, to rerun pass '--lib'

@dermesser
Owner

Thank you, this is one of the warts I hope to fix along with #30 (although it is probably best to introduce a fallible return type like Option).


alex commented Nov 2, 2022

Once this is fixed I think it'd be appropriate to file an advisory in https://github.com/rustsec/advisory-db for this.

@YoshikiTakashima
Author

That particular case seems to be fixed.
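
A sketch of the fallible decode suggested in the thread, added here as an example and not taken from the integer-encoding crate or from any participant: the raw read seen at src/fixed.rs:83 is reached only after a length check, with a variant that needs no `unsafe` beside it. The function names and the exact-length policy are assumptions.

```rust
use std::mem::size_of;

/// The read from the Miri trace (src/fixed.rs:83), specialised to u64.
///
/// # Safety
/// `src` must hold at least 8 bytes. With the 6-byte slice from the failing
/// test this reads 2 bytes past the allocation, which is what Miri reports.
unsafe fn read_u64_unchecked(src: &[u8]) -> u64 {
    unsafe { (src.as_ptr() as *const u64).read_unaligned() }
}

/// Hypothetical checked wrapper: rejects any slice that is not exactly
/// 8 bytes before the raw pointer read can happen.
pub fn decode_fixed_checked(src: &[u8]) -> Option<u64> {
    if src.len() != size_of::<u64>() {
        return None;
    }
    // SAFETY: the length check above guarantees 8 readable bytes.
    Some(unsafe { read_u64_unchecked(src) })
}

/// Hypothetical variant with the same contract and no `unsafe`: copy into a
/// fixed-size array, then convert. Native byte order matches what
/// `read_unaligned` yields on the same machine.
pub fn decode_fixed_safe(src: &[u8]) -> Option<u64> {
    if src.len() != size_of::<u64>() {
        return None;
    }
    let mut bytes = [0u8; 8];
    bytes.copy_from_slice(src);
    Some(u64::from_ne_bytes(bytes))
}

fn main() {
    // Constructed inputs: the 6-byte slice from the failing test and a
    // well-formed 8-byte encoding of 33.
    let short = [1u8, 0, 0, 0, 0, 1];
    let full = 33u64.to_ne_bytes();
    println!("short, checked: {:?}", decode_fixed_checked(&short));
    println!("short, safe:    {:?}", decode_fixed_safe(&short));
    println!("full, checked:  {:?}", decode_fixed_checked(&full));
    println!("full, safe:     {:?}", decode_fixed_safe(&full));
}
```

Running the crate's tests under `cargo miri test`, as in the report, is the check that the raw read is no longer reachable with a short slice.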
