| author | Bart Jacobs <bart.jacobs@cs.kuleuven.be> | 2025-08-07 21:27:12 +0200 | 
|---|---|---|
| committer | Bart Jacobs <bart.jacobs@cs.kuleuven.be> | 2025-09-05 10:21:21 +0200 | 
| commit | 96f385b20aa252629570cadeca16a9e159e6810c (patch) | |
| tree | e9bb28a09f42420807af60bbb29abcd53fd0824d /library/alloc/src/task.rs | |
| parent | 91edc3ebccc4daa46c20a93f4709862376da1fdd (diff) | |
RawVecInner: add missing `unsafe` to unsafe fns
- RawVecInner::grow_exact causes UB if called with len and additional arguments such that len + additional is less than the current capacity. Indeed, in that case it calls Allocator::grow with a new_layout that is smaller than old_layout, which violates a safety precondition.
- All RawVecInner methods for resizing the buffer cause UB if called with an elem_layout different from the one used to initially allocate the buffer, because in that case Allocator::grow/shrink is called with an old_layout that does not fit the allocated block, which violates a safety precondition.
- RawVecInner::current_memory might cause UB if called with an elem_layout different from the one used to initially allocate the buffer, because the unchecked_mul might overflow.
- Furthermore, these methods cause UB if called with an elem_layout where the size is not a multiple of the alignment. This is because Layout::repeat is used (in layout_array) to compute the allocation's layout when allocating, which includes padding to ensure alignment of array elements, but simple multiplication is used (in current_memory) to compute the old allocation's layout when resizing or deallocating, which would cause the layout used to resize or deallocate to not fit the allocated block, which violates a safety precondition.
Diffstat (limited to 'library/alloc/src/task.rs')
0 files changed, 0 insertions, 0 deletions
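
The last point of the commit message, worked through as an added example that is not part of the commit or of the Rust library: it compares the padded size computed at allocation time with the plain product computed at resize or deallocation time. The function names are hypothetical, the layouts are constructed samples, and the stable `Layout::pad_to_align` stands in for the padding the message attributes to `Layout::repeat` (an assumption of this sketch).

```rust
use std::alloc::Layout;

/// Allocation-side size: every element is padded to its alignment and then
/// repeated `cap` times (assumed model of the padding done via Layout::repeat).
fn padded_array_size(elem: Layout, cap: usize) -> Option<usize> {
    elem.pad_to_align().size().checked_mul(cap)
}

/// Resize/deallocation-side size: plain `size * cap`, the simple
/// multiplication the commit message describes for current_memory.
/// checked_mul is used here so that overflow is reported, not UB.
fn plain_array_size(elem: Layout, cap: usize) -> Option<usize> {
    elem.size().checked_mul(cap)
}

/// True when both computations agree, so a layout recomputed for
/// grow/shrink/deallocate describes the block that was actually allocated.
fn layouts_agree(elem: Layout, cap: usize) -> bool {
    match (padded_array_size(elem, cap), plain_array_size(elem, cap)) {
        (Some(alloc_size), Some(recomputed)) => alloc_size == recomputed,
        _ => false, // overflow on either side is never a usable layout
    }
}

fn main() {
    // Constructed sample layouts: an ordinary Rust type, and a hand-built
    // layout whose size (6) is not a multiple of its alignment (4).
    let ordinary = Layout::new::<u32>();
    let odd = Layout::from_size_align(6, 4).expect("valid size/align pair");

    for (name, elem) in [("u32 (4/4)", ordinary), ("odd (6/4)", odd)] {
        println!(
            "{name}: allocated {:?} bytes, recomputed {:?} bytes, agree = {}",
            padded_array_size(elem, 3),
            plain_array_size(elem, 3),
            layouts_agree(elem, 3)
        );
    }
}
```

Layouts derived from real Rust types always have a size that is a multiple of the alignment, so the mismatch only appears when a caller passes a hand-built `elem_layout`.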
