On Fri, Aug 30, 2024 at 12:25:27AM +0200, Danilo Krummrich wrote:
> On Thu, Aug 29, 2024 at 07:14:18PM +0000, Benno Lossin wrote:
> > On 16.08.24 02:11, Danilo Krummrich wrote:
> > 
> > > +
> > > + if layout.size() == 0 {
> > > + // SAFETY: `src` has been created by `Self::alloc_store_data`.
> > 
> > This is not true, consider:
> > 
> > let ptr = alloc(size = 0);
> > free(ptr)
> > 
> > Alloc will return a dangling pointer due to the first if statement and
> > then this function will pass it to `free_read_data`, even though it
> > wasn't created by `alloc_store_data`.
> > This isn't forbidden by the `Allocator` trait function's safety
> > requirements.
> > 
> > > + unsafe { Self::free_read_data(src) };
> > > +
> > > + return Ok(NonNull::slice_from_raw_parts(NonNull::dangling(), 0));
> > > + }
> > > +
> > > + let dst = Self::alloc(layout, flags)?;
> > > +
> > > + // SAFETY: `src` has been created by `Self::alloc_store_data`.
> > > + let data = unsafe { Self::data(src) };
> > 
> > Same issue here, if the allocation passed in is zero size. I think you
> > have no other choice than to allocate even for zero size requests...
> > Otherwise how would you know that they are zero-sized.
> 
> Good catch - gonna fix it. Almost got me. :)

I think the code is fine; callers are not allowed to pass pointers to
`realloc` and `free` which haven't been allocated with the same
corresponding allocator or are dangling.

> 
> > 
> > ---
> > Cheers,
> > Benno
> > 
> > > +
> > > + // SAFETY: `src` has previously been allocated with this `Allocator`; `dst` has just been
> > > + // newly allocated. Copy up to the smaller of both sizes.
> > > + unsafe {
> > > + ptr::copy_nonoverlapping(
> > > + src.as_ptr(),
> > > + dst.as_ptr().cast(),
> > > + cmp::min(layout.size(), data.size),
> > > + )
> > > + };
> > > +
> > > + // SAFETY: `src` has been created by `Self::alloc_store_data`.
> > > + unsafe { Self::free_read_data(src) };
> > > +
> > > + Ok(dst)
> > > }
> > > }
> > > --
> > > 2.46.0
> > > 
> > 
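Review bot: the SAFETY comments on `Self::free_read_data(src)` in the `layout.size() == 0` branch and on `Self::data(src)` just below it are not justified by anything in this function; they only hold if `src` is guaranteed to be a non-dangling pointer previously returned by this allocator, which is exactly the precondition the thread disagrees about. Since the function itself hands out `NonNull::dangling()` for zero-size requests, the comments should name that precondition instead of just asserting the origin of `src`, e.g. `// SAFETY: Per the safety requirements of this function, `src` is a non-dangling pointer previously returned by `Self::alloc` and was therefore created by `Self::alloc_store_data`.` If the `Allocator` trait documentation does not already forbid passing the dangling pointer from a zero-size allocation to `realloc` or `free`, that requirement needs to be stated there, otherwise the reasoning for both `unsafe` blocks has no anchor.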