-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Soundness issue in Zip::next()
specialization
#81740
Comments
The bug fixed by this PR seems to have the same consequence, but it didn't get the unsound label. |
Seems like this would be fixed by simply doing the same as in the first branch of the |
Agreed :)
Not in the meantime. Fill free to work on a PR if you are interested. |
Sure, why not :) |
Assigning |
…pecialization-panic-safety, r=KodrAus Increment `self.index` before calling `Iterator::self.a.__iterator_ge… …`t_unchecked` in `Zip` `TrustedRandomAccess` specialization Otherwise if `Iterator::self.a.__iterator_get_unchecked` panics the index would not have been incremented yet and another call to `Iterator::next` would read from the same index again, which is not allowed according to the API contract of `TrustedRandomAccess` for `!Clone`. Fixes rust-lang#81740
…pecialization-panic-safety, r=KodrAus Increment `self.index` before calling `Iterator::self.a.__iterator_ge… …`t_unchecked` in `Zip` `TrustedRandomAccess` specialization Otherwise if `Iterator::self.a.__iterator_get_unchecked` panics the index would not have been incremented yet and another call to `Iterator::next` would read from the same index again, which is not allowed according to the API contract of `TrustedRandomAccess` for `!Clone`. Fixes rust-lang#81740
…pecialization-panic-safety, r=KodrAus Increment `self.index` before calling `Iterator::self.a.__iterator_ge… …`t_unchecked` in `Zip` `TrustedRandomAccess` specialization Otherwise if `Iterator::self.a.__iterator_get_unchecked` panics the index would not have been incremented yet and another call to `Iterator::next` would read from the same index again, which is not allowed according to the API contract of `TrustedRandomAccess` for `!Clone`. Fixes rust-lang#81740
rust/library/core/src/iter/adapters/zip.rs
Lines 191 to 211 in e708cbd
rust/library/core/src/iter/adapters/zip.rs
Lines 395 to 396 in e708cbd
There is a panic safety issue in
Zip::next()
that allows to call__iterator_get_unchecked()
to the same index twice.__iterator_get_unchecked()
is called at line 204 and theindex
is updated at line 206. If line 204 panics, the index is not updated and the subsequentnext()
call will use the same index for__iterator_get_unchecked()
. This violates the second safety requirement ofTrustedRandomAccess
.Here is a playground link that demonstrates creating two mutable references to the same memory location without using unsafe Rust.
The text was updated successfully, but these errors were encountered: