Constrain implicit raw pointer conversion to bitwise-copyable values #64927

Closed
atrick opened this issue Apr 5, 2023 · 2 comments
Labels: feature, swift 5.9

atrick commented Apr 5, 2023

Swift 5.9 introduces warnings that catch conversions from an inout argument in the caller to an UnsafeRawPointer in the callee whenever the original type contains an object reference.

For general types:
warning: forming an 'UnsafeRawPointer' to a variable of type 'T'; this is likely incorrect because 'T' may contain an object reference.

For arrays:
warning: forming an 'UnsafeRawPointer' to a variable of type '[T]'; this is likely incorrect because 'T' may contain an object reference.

For strings:
warning: forming an 'UnsafeRawPointer' to an inout variable of type String exposes the internal representation rather than the string contents.

This issue is explained in the Swift evolution pitch Constrain implicit raw pointer conversion to bitwise-copyable values.

To work around these warnings, please refer to Workarounds for common cases.

To understand why the warning is necessary, consider these examples. Here, the user likely wants to inspect the contents of a string, but instead they've leaked the internal representation:

func inspectString(string: inout String) {
  readBytes(&string) // reads the string's internal representation
}

This is a pernicious security issue because the code will happen to work during testing for small strings. Removing the '&' sigil changes the string conversion into an array-like conversion:

func inspectString(string: inout String) {
  readBytes(string) // reads the string's characters
}

In the next example, the author clearly expected Foundation.Data to have the same sort of implicit conversion support as Array:

func foo(data: inout Data) {
  readBytes(&data)
}

This compiles without warning, but it unintentionally exposes the data object's internal storage representation rather than its elements.
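
An added example, not code from the issue or from the Swift project: the same two inspections written with explicitly scoped buffer access instead of the implicit `&` conversion, so the pointer covers the contents rather than the value's fixed-size representation. The `readBytes(_:count:)` signature and the helper names are assumptions; the issue never shows how `readBytes` is declared.

```swift
import Foundation

// Hypothetical stand-in for the issue's readBytes: copies `count` bytes
// starting at a raw pointer. The signature is an assumption.
func readBytes(_ pointer: UnsafeRawPointer, count: Int) -> [UInt8] {
    Array(UnsafeRawBufferPointer(start: pointer, count: count))
}

// Borrow the string's contiguous UTF-8 contents for the closure's duration.
// The pointer is valid only inside the closure and must not escape it.
func inspectString(string: inout String) -> [UInt8] {
    string.withUTF8 { (utf8: UnsafeBufferPointer<UInt8>) -> [UInt8] in
        guard let base = utf8.baseAddress else { return [] } // empty string
        return readBytes(UnsafeRawPointer(base), count: utf8.count)
    }
}

// Borrow the Data's element bytes, not the bytes of the Data struct itself.
func inspectData(data: inout Data) -> [UInt8] {
    data.withUnsafeBytes { (raw: UnsafeRawBufferPointer) -> [UInt8] in
        guard let base = raw.baseAddress else { return [] } // empty Data
        return readBytes(base, count: raw.count)
    }
}

// Constructed sample input: a string too long to pass as a "small string".
var text = "a constructed string well past fifteen UTF-8 bytes"
var payload = Data([0xDE, 0xAD, 0xBE, 0xEF])

// The String value has a fixed size no matter how long its contents are,
// which is why a raw pointer to the variable cannot span the characters.
print("String value size:", MemoryLayout<String>.size,
      "content length:", text.utf8.count)

let stringBytes = inspectString(string: &text)
print("string bytes match contents:", stringBytes == Array(text.utf8))

let dataBytes = inspectData(data: &payload)
print("data bytes match contents:", dataBytes == Array(payload))
```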

atrick commented Apr 5, 2023

See also rdar://97963116 (It's really easy to accidentally corrupt a Data object with the & operator)

atrick commented Apr 5, 2023

Fixed in PR: #63825

atrick closed this as completed Apr 5, 2023
atrick changed the title from "Implicit inout conversion to UnsafeRawPointer is unacceptably unsafe" to "Constrain implicit raw pointer conversion to bitwise-copyable values" Apr 5, 2023