From e0d70153cdee47421b0ec9220dc8fea65f243cfe Mon Sep 17 00:00:00 2001 From: The8472 Date: Mon, 21 Jun 2021 21:29:43 +0200 Subject: Add comments around code where ordering is important due for panic-safety Iterators contain arbitrary code which may panic. Unsafe code has to be careful to do its state updates at the right point between calls that may panic. --- library/alloc/src/vec/mod.rs | 2 ++ library/alloc/src/vec/source_iter_marker.rs | 4 ++++ library/alloc/src/vec/spec_extend.rs | 2 ++ 3 files changed, 8 insertions(+) (limited to 'library/alloc/src') diff --git a/library/alloc/src/vec/mod.rs b/library/alloc/src/vec/mod.rs index b59d2977add..f3a47cba759 100644 --- a/library/alloc/src/vec/mod.rs +++ b/library/alloc/src/vec/mod.rs @@ -2568,6 +2568,8 @@ impl Vec { } unsafe { ptr::write(self.as_mut_ptr().add(len), element); + // Since next() executes user code which can panic we have to bump the length + // after each step. // NB can't overflow since we would have had to alloc the address space self.set_len(len + 1); } diff --git a/library/alloc/src/vec/source_iter_marker.rs b/library/alloc/src/vec/source_iter_marker.rs index e857d284d3a..d814d4ae355 100644 --- a/library/alloc/src/vec/source_iter_marker.rs +++ b/library/alloc/src/vec/source_iter_marker.rs @@ -89,6 +89,8 @@ fn write_in_place_with_drop( // all we can do is check if it's still in range debug_assert!(sink.dst as *const _ <= src_end, "InPlaceIterable contract violation"); ptr::write(sink.dst, item); + // Since this executes user code which can panic we have to bump the pointer + // after each step. sink.dst = sink.dst.add(1); } Ok(sink) @@ -136,6 +138,8 @@ where let dst = dst_buf.offset(i as isize); debug_assert!(dst as *const _ <= end, "InPlaceIterable contract violation"); ptr::write(dst, self.__iterator_get_unchecked(i)); + // Since this executes user code which can panic we have to bump the pointer + // after each step. drop_guard.dst = dst.add(1); } } diff --git a/library/alloc/src/vec/spec_extend.rs b/library/alloc/src/vec/spec_extend.rs index c6f4f22a01f..c3b4534096d 100644 --- a/library/alloc/src/vec/spec_extend.rs +++ b/library/alloc/src/vec/spec_extend.rs @@ -40,6 +40,8 @@ where iterator.for_each(move |element| { ptr::write(ptr, element); ptr = ptr.offset(1); + // Since the loop executes user code which can panic we have to bump the pointer + // after each step. // NB can't overflow since we would have had to alloc the address space local_len.increment_len(1); }); -- cgit 1.4.1-3-g733a5