From 69972b8262fbe03c28450c4c18961b41ad92af6a Mon Sep 17 00:00:00 2001
From: Lukasz Anforowicz
Date: Tue, 29 Aug 2023 20:52:45 +0000
Subject: [PATCH] Fix soundness of `write_to_spare_capacity_of_vec`.

Fixes https://github.com/rust-lang/flate2-rs/issues/220
---
 src/mem.rs | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/src/mem.rs b/src/mem.rs
index 6d311a6f..d4a50917 100644
--- a/src/mem.rs
+++ b/src/mem.rs
@@ -573,19 +573,13 @@ fn write_to_spare_capacity_of_vec(
     let cap = output.capacity();
     let len = output.len();
-    // FIXME: This is unsound - see https://github.com/rust-lang/flate2-rs/issues/220
-    // (The code below reimplements `Vec::spare_capacity_mut`, but returns `&mut [u8]`
-    // instead of `&mut [MaybeUninit]`.)
-    unsafe {
-        let (bytes_written, ret) = {
-            let ptr = output.as_mut_ptr().add(len);
-            let out = slice::from_raw_parts_mut(ptr, cap - len);
-            writer(out)
-        };
-        let new_len = core::cmp::min(len + bytes_written, cap); // Sanitizes `bytes_written`.
-        output.set_len(new_len);
-        ret
-    }
+    output.resize(output.capacity(), 0);
+    let (bytes_written, ret) = writer(&mut output[len..]);
+
+    let new_len = core::cmp::min(len + bytes_written, cap); // Sanitizes `bytes_written`.
+    output.resize(new_len, 0 /* unused */);
+
+    ret
 }
 #[cfg(test)]
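Review bot: The new `output.resize(output.capacity(), 0)` zero-fills the whole spare region on every call, and the hunk removes the only comment that explained why the spare-capacity trick exists, so a later reader may "optimize" this back into the unsound `&mut [u8]`-over-uninitialized-memory form; add a why-comment above that line, e.g. `// Zero-fill the spare capacity so `writer` only ever sees initialized bytes; this costs a memset per call but avoids the unsound slice-over-uninitialized-memory pattern (issue #220).`. The same line can use the `cap` already computed two lines earlier, `output.resize(cap, 0);`, which also makes it obvious that the later `min(.., cap)` bounds the same value. The `// Sanitizes `bytes_written`` comment on the `new_len` line only holds in debug builds: in release, `len + bytes_written` wraps on a bogus `usize` and silently truncates valid data, so `core::cmp::min(len.saturating_add(bytes_written), cap)` makes the sanitizing claim true. The signature of `write_to_spare_capacity_of_vec` starts before the hunk, so whether `writer` may observe the zeroed tail and whether a panic inside it leaving `output` at full capacity matters cannot be judged from here.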