Miri does not check all offset_from conditions #1950

Closed
RalfJung opened this issue Dec 29, 2021 · 1 comment · Fixed by rust-lang/rust#94827
Labels
A-shims Area: This affects the external function shims C-bug Category: This is a bug. I-misses-UB Impact: makes Miri miss UB, i.e., a false negative (with default settings)

Comments

@RalfJung

offset_from currently requires that:

> Both the starting and other pointer must be either in bounds or one byte past the end of the same allocated object.

However, Miri fails to check this condition -- the following program should error, but it does not:

```rust
fn main() {
    // A pointer to a zero-sized value: the object it refers to has size 0.
    let start_ptr = &() as *const ();
    let length = 10;
    // wrapping_add is not UB by itself, but the result points 10 bytes
    // outside the object start_ptr refers to.
    let end_ptr = (start_ptr as *const u8).wrapping_add(length) as *const ();
    // UB: the two pointers are not in bounds of the same allocated object,
    // which offset_from requires. Miri should report this but does not.
    unsafe { (end_ptr as *const u8).offset_from(start_ptr as *const u8); }
}
```
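As an added illustration (not code from the issue or from Miri), here is a wrapper that enforces the quoted precondition at runtime before calling `offset_from`, returning `None` for pointers like `end_ptr` above instead of reaching the UB call. The `checked_offset_from` helper and the sample buffer are constructed for this example, and it assumes the caller passes pointers that were actually derived from `base`.

```rust
use std::mem::size_of;

/// Returns `Some(a.offset_from(b))` only when both pointers lie inside the
/// allocation that starts at `base` and holds `len` elements of `T`, with
/// the one-past-the-end address allowed, exactly as the precondition quoted
/// in the issue demands. Returns `None` otherwise, so the UB path is never taken.
fn checked_offset_from<T>(base: *const T, len: usize, a: *const T, b: *const T) -> Option<isize> {
    let size = size_of::<T>();
    // offset_from itself rejects zero-sized T (it panics), so refuse early.
    if size == 0 {
        return None;
    }
    // Byte range [start, end] of the object; `end` is one past the end.
    let start = base as usize;
    let end = start.checked_add(len.checked_mul(size)?)?;
    let in_bounds = |p: *const T| {
        let addr = p as usize;
        // Inside or one-past-the-end, and on an element boundary so that the
        // byte distance is an exact multiple of size_of::<T>().
        addr >= start && addr <= end && (addr - start) % size == 0
    };
    if !in_bounds(a) || !in_bounds(b) {
        return None;
    }
    // Both addresses fall within the same object's range (assuming the caller
    // derived them from `base`), so the precondition holds for this call.
    Some(unsafe { a.offset_from(b) })
}

fn main() {
    // Constructed sample: a 16-byte buffer and a few pointers into it.
    let buf = [0u8; 16];
    let base = buf.as_ptr();
    let a = unsafe { base.add(12) };
    let b = unsafe { base.add(3) };
    println!("{:?}", checked_offset_from(base, buf.len(), a, b)); // Some(9)
    // One-past-the-end is permitted by the rule the issue quotes.
    let end = unsafe { base.add(16) };
    println!("{:?}", checked_offset_from(base, buf.len(), end, base)); // Some(16)
    // The issue's pattern: 10 bytes past a zero-sized object. The check
    // rejects it instead of reaching the UB offset_from call.
    let unit = ();
    let start_ptr = &unit as *const () as *const u8;
    let end_ptr = start_ptr.wrapping_add(10);
    println!("{:?}", checked_offset_from(start_ptr, 0, end_ptr, start_ptr)); // None
}
```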

RalfJung commented Dec 29, 2021

This UB also makes it impossible to do some things during CTFE that should be possible (Cc slightlyoutofphase/staticvec#48), so possibly we should change the UB rules here. At least it should be possible to write code like the above example in a way that can be executed at compile time without UB. Also see the discussion on Zulip.

Dylan-DPC added a commit to Dylan-DPC/rust that referenced this issue Mar 11, 2022
CTFE/Miri: detect out-of-bounds pointers in offset_from

Also I became uneasy with aggressively doing `try_to_int` here -- this will always succeed on Miri, leading to the wrong codepath being taken. We should rather try to convert them both to pointers, and use the integer path as a fallback, so that's what I implemented now.

Hiding whitespaces helps with the diff.

Fixes rust-lang/miri#1950

r? `@oli-obk`