authorRalf Jung <post@ralfj.de>2022-07-09 09:38:07 -0400
committerRalf Jung <post@ralfj.de>2022-07-09 09:38:07 -0400
commitf6247ffa5afb29fd86d54db8062ff031daa10555 (patch)
tree2076a9db9182201eb1fcf7d97c8eb55c4077f6a6
parentc4693bc946729393c087fb120af566395915d19d (diff)
clarify how write_bytes can lead to UB due to invalid values
-rw-r--r--library/core/src/intrinsics.rs8
1 files changed, 4 insertions, 4 deletions
diff --git a/library/core/src/intrinsics.rs b/library/core/src/intrinsics.rs
index 2895c923adc..4c8619f3135 100644
--- a/library/core/src/intrinsics.rs
+++ b/library/core/src/intrinsics.rs
@@ -2550,10 +2550,10 @@ pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
 ///
 /// * `dst` must be properly aligned.
 ///
-/// Additionally, the caller must ensure that writing `count *
-/// size_of::<T>()` bytes to the given region of memory results in a valid
-/// value of `T`. Using a region of memory typed as a `T` that contains an
-/// invalid value of `T` is undefined behavior.
+/// Additionally, note that changing `*dst` in this way can lead to undefined behavior later if the
+/// written bytes are not a valid representation of some `T`. For instance, if `dst: *mut bool`, a
+/// `dst.write_bytes(0xFFu8, 1)` followed by `dst.read()` is undefined behavior since the `read`
+/// tries to construct a `bool` value from `0xFF` which does not represent any `bool`.
 ///
 /// Note that even if the effectively copied size (`count * size_of::<T>()`) is
 /// `0`, the pointer must be non-null and properly aligned.
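Review bot: The added paragraph names only `dst.read()` as the operation that later goes wrong, and a reader auditing unsafe code could take that example as the complete list. Any later read of the overwritten memory at type `T` has the same problem, and with `count > 1` it applies to each of the `count` elements, not to a single `T`. I would add a closing sentence such as `/// The same holds for every later typed read of this memory, for each of the count elements written.` A pointer to `MaybeUninit<T>` as the type to use for memory that may hold such bytes would also help callers choose a safe pattern. The doc comment starts above the hunk and continues below it, so the rest of the safety section is not visible here.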