Cryptographically verifiable, distributed dependency reviews
Add the last reviewed version to Cargo.toml / [dependencies]:
map_in_place = "0.1.0"
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
Has unsoundness in a major, safe interface.
The main utility for Vec can reuse an allocation of differing element size
thus violating the explicit requirements of Vec::from_raw_parts and in
particular the allocator contract, potentially leading to memory corruption
on drop of the resulting Vec.
The interfaces affected are (maybe not complete):
MapVecInPlace::map
MapVecInPlace::map_in_place
MapVecInPlace::filter_map
MapVecInPlace::filter_map_in_place
An analysis of the code to show the issue:
In a macro, this code checks for various size and alignment constraints on
deciding whether to execute an in-place branch or a fallback (that may panic
in some variants).
    unsafe {
        if size!($a) == 0 || size!($b) == 0 {
            $zero
        } else if align!($a) != align!($b) {
            $alignment
        } else if $f(size!($a),size!($b)) {
            $incompatible
        } else {
            $ok
        }
    }
Already a naming issue appears, as the $incompatible branch is actually
taken when f returns true and some instantiation has |a,b| a==b as this
argument. Consequently, the incompatible parameter is filled with the
in-place branch in the fallback branch where the parameter is $ok:expr.
Note that the check for map is |a,b| a%b==0 and it invokes $fallback with
the $ok:expr argument set to map_vec(self, f) (note: the f here is from the
parameters of map). The map_vec function is an unsafe function eventually
doing the equivalent of:
    let (ptr, len, cap) = /* The obvious */;
    // Some transformation code on raw.
    Vec::from_raw_parts(ptr, len, cap)
This violates very clearly the contract which states: