From 4fbdca15357a2a488f467e930fa5949297127233 Mon Sep 17 00:00:00 2001
From: Martin von Zweigbergk
Date: Mon, 18 Sep 2023 10:30:28 -0700
Subject: [PATCH] Remove unsafe and unnecessary `size` argument from `FileDesc::read()`

The `size` argument to `FileDesc::read()` is not checked against the length of the buffer, so `libc::read()` could end up writing past the buffer if we passed a size that's too large. However, we always pass exactly the size of the buffer, so that doesn't happen. Let's just remove the argument since it's not currently needed, thereby removing the risk of bugs if the function is used incorrectly by future callers. This came up in review of `unsafe` Rust code at my company.
---
 src/event/source/unix/mio.rs | 2 +-
 src/terminal/sys/file_descriptor.rs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/event/source/unix/mio.rs b/src/event/source/unix/mio.rs
index c252f120b..f9d595af9 100644
--- a/src/event/source/unix/mio.rs
+++ b/src/event/source/unix/mio.rs
@@ -93,7 +93,7 @@ impl EventSource for UnixInternalEventSource {
 match token {
 TTY_TOKEN => {
 loop {
- match self.tty_fd.read(&mut self.tty_buffer, TTY_BUFFER_SIZE) {
+ match self.tty_fd.read(&mut self.tty_buffer) {
 Ok(read_count) => {
 if read_count > 0 {
 self.parser.advance(
diff --git a/src/terminal/sys/file_descriptor.rs b/src/terminal/sys/file_descriptor.rs
index 8df9620a3..81c3fb2e3 100644
--- a/src/terminal/sys/file_descriptor.rs
+++ b/src/terminal/sys/file_descriptor.rs
@@ -29,12 +29,12 @@ impl FileDesc {
 FileDesc { fd, close_on_drop }
 }
- pub fn read(&self, buffer: &mut [u8], size: usize) -> io::Result {
+ pub fn read(&self, buffer: &mut [u8]) -> io::Result {
 let result = unsafe {
 libc::read(
 self.fd,
 buffer.as_mut_ptr() as *mut libc::c_void,
- size as size_t,
+ buffer.len() as size_t,
 )
 };
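Review bot: The `unsafe` block in `FileDesc::read()` (second hunk, `src/terminal/sys/file_descriptor.rs`) still has no `// SAFETY:` comment, and this change is what makes the invariant short enough to write down. Pointer and length now both come from the same `&mut [u8]`, so I would add directly above `libc::read(`: `// SAFETY: ptr and len both come from the exclusively borrowed slice, so read() writes at most buffer.len() bytes inside it.` The comment should also record that `self.fd` is assumed to be an open descriptor for the duration of the call, which the hunk does not show and a reviewer of this block has to take on trust. The function body continues past the end of the hunk, so the handling of a negative return from `libc::read` is not visible here.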