Mirrors/nushell
2
0
Fork 0
mirror of https://github.com/nushell/nushell synced 2025-01-14 14:14:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improve safety of get_unchecked_str in nu_system::macos (#12550)

Browse source 
# Description
The implementation of this function had a few issues before:

- It didn't check that the `cp` pointer is actually ahead of the `start`
pointer, so `len` could potentially underflow and wrap around, which
would be a violation of memory safety
- It used `Vec::from_raw_parts` even though the buffer is borrowed, not
owned. Although `std::mem::forget` is used later to ensure the
destructor doesn't run, there is a risk that the destructor would run if
a panic happened during `String::from_utf8_unchecked`, which would lead
to a `free()` of a pointer we don't own
This commit is contained in:
Devyn Cairns 2024-04-17 02:10:05 -07:00 committed by GitHub
parent 9a739d9f0d
commit b296d6ee3c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
crates/nu-system/src/macos.rs
View file

@ -146,11 +146,9 @@ pub struct PathInfo {
#[cfg_attr(tarpaulin, ignore)] #[cfg_attr(tarpaulin, ignore)]
unsafe fn get_unchecked_str(cp: *mut u8, start: *mut u8) -> String { unsafe fn get_unchecked_str(cp: *mut u8, start: *mut u8) -> String {
let len = cp as usize - start as usize; let len = (cp as usize).saturating_sub(start as usize);
let part = Vec::from_raw_parts(start, len, len); let part = std::slice::from_raw_parts(start, len);
let tmp = String::from_utf8_unchecked(part.clone()); String::from_utf8_unchecked(part.to_vec())
::std::mem::forget(part);
tmp
} }
#[cfg_attr(tarpaulin, ignore)] #[cfg_attr(tarpaulin, ignore)]