authorkennytm <kennytm@gmail.com>2018-10-01 16:12:54 +0800
committerGitHub <noreply@github.com>2018-10-01 16:12:54 +0800
commit818a05d6e3243cd3ea9dcc655db5c9882f850cb7 (patch)
tree40cea2c7e8bb84eef371b74d2d45e98cc46cb83e
parentf55129d0037c112a80276ee1de0c2245ddc6462c (diff)
parente370b1ccaed1f2775e2d944acc2898c98b415083 (diff)
downloadrust-818a05d6e3243cd3ea9dcc655db5c9882f850cb7.tar.gz
rust-818a05d6e3243cd3ea9dcc655db5c9882f850cb7.zip
Rollup merge of #53784 - tbu-:pr_doc_slice_isize_max, r=RalfJung
Document that slices cannot be larger than `isize::MAX` bytes

Fixes #53676.
-rw-r--r--src/libcore/slice/mod.rs17
1 files changed, 14 insertions, 3 deletions
diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs
index 05027bbe898..d400bd49050 100644
--- a/src/libcore/slice/mod.rs
+++ b/src/libcore/slice/mod.rs
@@ -34,6 +34,7 @@ use cmp::Ordering::{self, Less, Equal, Greater};
 use cmp;
 use fmt;
 use intrinsics::assume;
+use isize;
 use iter::*;
 use ops::{FnMut, Try, self};
 use option::Option;
@@ -4080,6 +4081,9 @@ unsafe impl<'a, T> TrustedRandomAccess for ChunksExactMut<'a, T> {
 /// them from other data. You can obtain a pointer that is usable as `data`
 /// for zero-length slices using [`NonNull::dangling()`].
 ///
+/// The total size of the slice must be no larger than `isize::MAX` **bytes**
+/// in memory. See the safety documentation of [`pointer::offset`].
+///
 /// # Caveat
 ///
 /// The lifetime for the returned slice is inferred from its usage. To
@@ -4101,10 +4105,13 @@ unsafe impl<'a, T> TrustedRandomAccess for ChunksExactMut<'a, T> {
 /// ```
 ///
 /// [`NonNull::dangling()`]: ../../std/ptr/struct.NonNull.html#method.dangling
+/// [`pointer::offset`]: ../../std/primitive.pointer.html#method.offset
 #[inline]
 #[stable(feature = "rust1", since = "1.0.0")]
 pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
     debug_assert!(data as usize % mem::align_of::<T>() == 0, "attempt to create unaligned slice");
+    debug_assert!(mem::size_of::<T>().saturating_mul(len) <= isize::MAX as usize,
+                  "attempt to create slice covering half the address space");
     Repr { raw: FatPtr { data, len } }.rust
 }
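Review bot: The new size check in `from_raw_parts` is a `debug_assert!`, so it is compiled out unless core itself is built with debug assertions — for the precompiled libcore that users link against that is presumably never, so callers get no runtime protection from it and the doc comment's `isize::MAX` bound remains a pure caller obligation. I would make that explicit with a comment above the assertion: `// Only checked when core is built with debug assertions; in release builds the caller's safety contract is the sole guarantee.` The assertion message also understates the condition: the check fails when the slice *exceeds* `isize::MAX` bytes, i.e. more than half of the address space, so `"attempt to create slice covering more than half the address space"` would match what is actually tested. The `saturating_mul` is correct here, since an overflowing `size_of::<T>() * len` saturates to `usize::MAX` and is rejected rather than wrapping to a small value.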
 
@@ -4114,15 +4121,19 @@ pub unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T] {
 /// This function is unsafe for the same reasons as [`from_raw_parts`], as well
 /// as not being able to provide a non-aliasing guarantee of the returned
 /// mutable slice. `data` must be non-null and aligned even for zero-length
-/// slices as with [`from_raw_parts`]. See the documentation of
-/// [`from_raw_parts`] for more details.
+/// slices as with [`from_raw_parts`]. The total size of the slice must be no
+/// larger than `isize::MAX` **bytes** in memory.
+///
+/// See the documentation of [`from_raw_parts`] for more details.
 ///
 /// [`from_raw_parts`]: ../../std/slice/fn.from_raw_parts.html
 #[inline]
 #[stable(feature = "rust1", since = "1.0.0")]
 pub unsafe fn from_raw_parts_mut<'a, T>(data: *mut T, len: usize) -> &'a mut [T] {
     debug_assert!(data as usize % mem::align_of::<T>() == 0, "attempt to create unaligned slice");
-    Repr { raw: FatPtr { data, len} }.rust_mut
+    debug_assert!(mem::size_of::<T>().saturating_mul(len) <= isize::MAX as usize,
+                  "attempt to create slice covering half the address space");
+    Repr { raw: FatPtr { data, len } }.rust_mut
 }
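Review bot: The doc sentence added to `from_raw_parts_mut` states the `isize::MAX` bound but, unlike the matching sentence added to `from_raw_parts`, gives no reason for it; readers landing here directly should get the same pointer to the underlying rule, e.g. append `See the safety documentation of [`pointer::offset`].` and add the link definition `/// [`pointer::offset`]: ../../std/primitive.pointer.html#method.offset` next to the existing `[`from_raw_parts`]` link. The size assertion and its message are now copy-pasted verbatim between the two functions, which invites drift — a small private `#[inline]` helper taking `len: usize` and generic over `T`, called from both, would keep condition and message in one place. Whichever wording is chosen for the message should be applied in both functions together, since the sibling copy lives in the previous hunk.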
 
 /// Converts a reference to T into a slice of length 1 (without copying).