cmsg_space still seems to be unsound #1142

Closed
MikailBag opened this issue Oct 22, 2019 · 1 comment · Fixed by #1156
Comments

@MikailBag
Contributor

MikailBag commented Oct 22, 2019

I'm confused by this line: https://docs.rs/nix/0.15.0/src/nix/sys/socket/mod.rs.html#316
You create a Vec of u8's, and then set_len to capacity.
This code works on stable, but nightly Miri rejects it: https://play.rust-lang.org/?version=nightly&mode=debug&edition=2018&gist=d86164c2556514deed58418394277481
Note that the macro returns a vector, so the user can e.g. dbg! it, or observe its contents in any other way.

AFAIK, whether primitive types can have uninitialized bits is a topic of active discussion, and such usage probably should be avoided

@MikailBag MikailBag changed the title cmsg_space seems to still be unsound cmsg_space still seems to be unsound Oct 22, 2019
@asomers
Member

asomers commented Oct 27, 2019

Yep, the rules on uninitialized memory keep getting stricter. The best way to solve this particular problem would probably be to:

  1. Remove CmsgSpace. There's already been a full release with it deprecated, so we can remove it now.
  2. Remove the CmsgBuffer trait, and make recvmsg's cmsg_buffer argument be of type Vec.
  3. Add a set_len to recvmsg's ok path.

However, there are other functions that need to be changed too, to work in the world of MaybeUninit. recvmsg's iov argument, for one, cannot currently be used that way.
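The sound shape of the pattern asomers describes, as an added example rather than nix's own code: the buffer is handed out with capacity but length zero, the writer fills `spare_capacity_mut()` (a stable std API), and `set_len` is called only on the ok path with the number of bytes actually written, so no uninitialized byte is ever reachable as a `u8`. The `fill_cmsg` function is a constructed stand-in for the kernel side of `recvmsg`.

```rust
use std::mem::MaybeUninit;

/// Allocate a control-message buffer with room for `space` bytes.
/// Unlike the pattern in the issue, this does not call `set_len`,
/// so the length stays 0 and no uninitialized byte is observable.
pub fn cmsg_space(space: usize) -> Vec<u8> {
    Vec::with_capacity(space)
}

/// Constructed stand-in for the kernel side of recvmsg: writes
/// `payload` into the uninitialized spare capacity and reports how
/// many bytes it initialized, truncating if the buffer is too small.
fn fill_cmsg(dst: &mut [MaybeUninit<u8>], payload: &[u8]) -> usize {
    let n = dst.len().min(payload.len());
    for (slot, &b) in dst.iter_mut().zip(payload) {
        slot.write(b);
    }
    n
}

/// The "ok path" of the fix: hand out the spare capacity, then grow
/// the length only by the bytes that were actually initialized.
pub fn recv_into(buf: &mut Vec<u8>, payload: &[u8]) -> usize {
    let written = fill_cmsg(buf.spare_capacity_mut(), payload);
    // SAFETY: `fill_cmsg` initialized exactly `written` bytes of the
    // spare capacity, and `written` never exceeds that capacity.
    unsafe { buf.set_len(buf.len() + written) };
    written
}

fn main() {
    let mut buf = cmsg_space(16);
    let n = recv_into(&mut buf, b"\x10\x00\x00\x00\x01\x00\x01\x00");
    println!("received {} bytes: {:?}", n, &buf[..n]);
}
```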

bors bot added a commit that referenced this issue Dec 1, 2019
1156: Remove the deprecated CmsgSpace r=asomers a=asomers

This eliminates one of the last remaining uninitialized memory accesses
in Nix.

Fixes #1142

Co-authored-by: Alan Somers <asomers@gmail.com>
@bors bors bot closed this as completed in 2643afc Dec 1, 2019
kevinwern pushed a commit to kevinwern/nix that referenced this issue Dec 2, 2019