From f44b264447f0d1b42676e7ea99a04d140749f65b Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Thu, 23 May 2019 16:30:16 +0200 Subject: fix dangling reference in Vec::append --- src/liballoc/tests/vec.rs | 5 +++-- src/liballoc/vec.rs | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'src/liballoc') diff --git a/src/liballoc/tests/vec.rs b/src/liballoc/tests/vec.rs index 545332bcd6a..3307bdf94f9 100644 --- a/src/liballoc/tests/vec.rs +++ b/src/liballoc/tests/vec.rs @@ -1,5 +1,3 @@ -#![cfg(not(miri))] - use std::borrow::Cow; use std::mem::size_of; use std::{usize, isize}; @@ -763,6 +761,7 @@ fn from_into_inner() { it.next().unwrap(); let vec = it.collect::>(); assert_eq!(vec, [2, 3]); + #[cfg(not(miri))] // Miri does not support comparing dangling pointers assert!(ptr != vec.as_ptr()); } @@ -971,6 +970,7 @@ fn test_reserve_exact() { } #[test] +#[cfg(not(miri))] // Miri does not support signalling OOM fn test_try_reserve() { // These are the interesting cases: @@ -1073,6 +1073,7 @@ fn test_try_reserve() { } #[test] +#[cfg(not(miri))] // Miri does not support signalling OOM fn test_try_reserve_exact() { // This is exactly the same as test_try_reserve with the method changed. diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index 073d3ab5937..dc661a267e2 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs @@ -1094,7 +1094,7 @@ impl Vec { let count = (*other).len(); self.reserve(count); let len = self.len(); - ptr::copy_nonoverlapping(other as *const T, self.get_unchecked_mut(len), count); + ptr::copy_nonoverlapping(other as *const T, self.as_mut_ptr().add(len), count); self.len += count; } -- cgit 1.4.1-3-g733a5 From 6116f19f7baa3c1f7ed4659aa3b9b5ec5ff8ac3e Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Thu, 23 May 2019 17:58:25 +0200 Subject: Box::into_unique: do the reborrow-to-raw *after* destroying the Box --- src/liballoc/boxed.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/liballoc') diff --git a/src/liballoc/boxed.rs b/src/liballoc/boxed.rs index 024594517d9..0e40e4f371a 100644 --- a/src/liballoc/boxed.rs +++ b/src/liballoc/boxed.rs @@ -253,15 +253,15 @@ impl Box { #[unstable(feature = "ptr_internals", issue = "0", reason = "use into_raw_non_null instead")] #[inline] #[doc(hidden)] - pub fn into_unique(mut b: Box) -> Unique { + pub fn into_unique(b: Box) -> Unique { + let mut unique = b.0; + mem::forget(b); // Box is kind-of a library type, but recognized as a "unique pointer" by // Stacked Borrows. This function here corresponds to "reborrowing to // a raw pointer", but there is no actual reborrow here -- so // without some care, the pointer we are returning here still carries // the `Uniq` tag. We round-trip through a mutable reference to avoid that. - let unique = unsafe { b.0.as_mut() as *mut T }; - mem::forget(b); - unsafe { Unique::new_unchecked(unique) } + unsafe { Unique::new_unchecked(unique.as_mut() as *mut T) } } /// Consumes and leaks the `Box`, returning a mutable reference, -- cgit 1.4.1-3-g733a5 From 8d4e7fde479e018d3caf37d1d12f47710183252e Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Thu, 23 May 2019 18:13:02 +0200 Subject: adjust comment --- src/liballoc/boxed.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/liballoc') diff --git a/src/liballoc/boxed.rs b/src/liballoc/boxed.rs index 0e40e4f371a..97c2d8e7a8e 100644 --- a/src/liballoc/boxed.rs +++ b/src/liballoc/boxed.rs @@ -260,7 +260,8 @@ impl Box { // Stacked Borrows. This function here corresponds to "reborrowing to // a raw pointer", but there is no actual reborrow here -- so // without some care, the pointer we are returning here still carries - // the `Uniq` tag. We round-trip through a mutable reference to avoid that. + // the tag of `b`, with `Unique` permission. + // We round-trip through a mutable reference to avoid that. unsafe { Unique::new_unchecked(unique.as_mut() as *mut T) } } -- cgit 1.4.1-3-g733a5