Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix UB in Subbuffer::reinterpret #2228

Merged
merged 1 commit into from
Jun 8, 2023
Merged

Fix UB in Subbuffer::reinterpret #2228

merged 1 commit into from
Jun 8, 2023

Conversation

marc0246
Copy link
Contributor

@marc0246 marc0246 commented Jun 8, 2023

This could have lead to UB if the stars aligned just right. It only concerns reinterpretation of a lesser-aligned type to a custom DST that has a higher-aligned head plus a lesser-aligned tail:

#[derive(BufferContents)]
#[repr(C)]
struct Example {
    head: u32,
    tail: [u8],
}

let s: Subbuffer<[u8; 5]>;

s.reinterpret::<Example>().write();

The last line is UB because there could be another subbuffer or other allocation right after the given subbuffer, even though the &mut Example above has provenance over 3 bytes past the subbuffer, which could result in an aliasing mutable reference.

At least Subbuffer::reinterpret hasn't been released yet. :)

@Rua Rua merged commit aa82557 into vulkano-rs:master Jun 8, 2023
@marc0246 marc0246 deleted the subbuffer-reinterpret-ub branch June 8, 2023 16:42
hakolao pushed a commit to hakolao/vulkano that referenced this pull request Feb 20, 2024
@marc0246 @hakolao
Fix UB in Subbuffer::reinterpret (vulkano-rs#2228)
471156d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@marc0246 @Rua