Auto merge of #53804 - RalfJung:ptr-invalid, r=nagisa

fix some uses of pointer intrinsics with invalid pointers [Found by miri](https://github.com/solson/miri/pull/446): * `Vec::into_iter` calls `ptr::read` (and the underlying `copy_nonoverlapping`) with an unaligned pointer to a ZST. [According to LLVM devs](https://bugs.llvm.org/show_bug.cgi?id=38583), this is UB because it contradicts the metadata we are attaching to that pointer. * `HashMap` creation calls `ptr:.write_bytes` on a NULL pointer with a count of 0. This is likely not currently UB *currently*, but it violates the rules we are setting in https://github.com/rust-lang/rust/pull/53783, and we might want to exploit those rules later (e.g. with more `nonnull` attributes for LLVM). Probably what `HashMap` really should do is use `NonNull::dangling()` instead of 0 for the empty case, but that would require a more careful analysis of the code. It seems like ideally, we should do a review of usage of such intrinsics all over libstd to ensure that they use valid pointers even when the size is 0. Is it worth opening an issue for that?
2018-09-16 18:03:39 +00:00 · 2018-09-16 18:03:39 +00:00 · 8a2dec6e58
commit 8a2dec6e58
parent d3cba9b4b4 357c5dacee
2 changed files with 7 additions and 7 deletions
--- a/src/liballoc/vec.rs
+++ b/src/liballoc/vec.rs
@ -2410,9 +2410,8 @@ impl<T> Iterator for IntoIter<T> {
                    // same pointer.
                    self.ptr = arith_offset(self.ptr as *const i8, 1) as *mut T;

-                    // Use a non-null pointer value
-                    // (self.ptr might be null because of wrapping)
-                    Some(ptr::read(1 as *mut T))
+                    // Make up a value of this ZST.
+                    Some(mem::zeroed())
                } else {
                    let old = self.ptr;
                    self.ptr = self.ptr.offset(1);
@ -2451,9 +2450,8 @@ impl<T> DoubleEndedIterator for IntoIter<T> {
                    // See above for why 'ptr.offset' isn't used
                    self.end = arith_offset(self.end as *const i8, -1) as *mut T;

-                    // Use a non-null pointer value
-                    // (self.end might be null because of wrapping)
-                    Some(ptr::read(1 as *mut T))
+                    // Make up a value of this ZST.
+                    Some(mem::zeroed())
                } else {
                    self.end = self.end.offset(-1);

--- a/src/libstd/collections/hash/table.rs
+++ b/src/libstd/collections/hash/table.rs
@ -742,7 +742,9 @@ impl<K, V> RawTable<K, V> {
    ) -> Result<RawTable<K, V>, CollectionAllocErr> {
        unsafe {
            let ret = RawTable::new_uninitialized_internal(capacity, fallibility)?;
-            ptr::write_bytes(ret.hashes.ptr(), 0, capacity);
+            if capacity > 0 {
+                ptr::write_bytes(ret.hashes.ptr(), 0, capacity);
+            }
            Ok(ret)
        }
    }