rust/alloc at c05a643ca87aec724ef2aa9c44ef9de1ba223d8c - rust

mirror of https://github.com/rust-lang/rust.git synced 2025-06-19 19:17:31 +00:00

History

许杰友 Jieyou Xu (Joe) 7112951caa Rollup merge of #138303 - DiuDiu777:rc-fix, r=Mark-Simulacrum Fix Ptr inconsistency in {Rc,Arc} ### PR Description This pr aims to address the problem discussed on [zulip](https://rust-lang.zulipchat.com/#narrow/channel/219381-t-libs/topic/Inconsistency.20in.20.7BRc.2CArc.7D's.20ptr.20requirements/with/504259637). ### Problem Clarification As this post presents, the `{Rc, Arc}::{in/de-crement_strong_count_/in}` do not limit the layout of the memory that `ptr` points to, while internally `Rc::from_raw_in` is called directly. UB doesn't just appear when the strong count is decremented to zero. Miri also detects the UB of `out-of-bounds pointer use` when increment strong count is called on a pointer with an incorrect layout(shown as below). ```rust use std::rc::Rc; #[repr(align(8))] struct Aligned8(u64); #[repr(align(16))] struct Aligned16(u64); fn main() { let rc: Rc<Aligned8> = Rc::new(Aligned8(42)); let raw_ptr = Rc::into_raw(rc); unsafe { Rc::increment_strong_count(raw_ptr as *const Aligned16); } } ``` Miri output: ``` error: Undefined Behavior: out-of-bounds pointer use: expected a pointer to 32 bytes of memory, but got alloc954 which is only 24 bytes from the end of the allocation ```	2025-03-16 09:40:06 +08:00
..
src	Rollup merge of #138303 - DiuDiu777:rc-fix, r=Mark-Simulacrum	2025-03-16 09:40:06 +08:00
Cargo.toml	Migrate alloc to Rust 2024	2025-03-11 09:46:34 -07:00

许杰友 Jieyou Xu (Joe) 7112951caa

Rollup merge of #138303 - DiuDiu777:rc-fix, r=Mark-Simulacrum

Fix Ptr inconsistency in {Rc,Arc}

### PR Description
This pr aims to address the problem discussed on [zulip](https://rust-lang.zulipchat.com/#narrow/channel/219381-t-libs/topic/Inconsistency.20in.20.7BRc.2CArc.7D's.20ptr.20requirements/with/504259637).

### Problem Clarification
As this post presents, the `{Rc, Arc}::{in/de-crement_strong_count_/in}` do not limit the layout of the memory that `ptr` points to, while internally `Rc::from_raw_in` is called directly.

UB doesn't just appear when the strong count is decremented to zero. Miri also detects the UB of `out-of-bounds pointer use` when increment strong count is called on a pointer with an incorrect layout(shown as below).

```rust
use std::rc::Rc;
#[repr(align(8))]
struct Aligned8(u64);

#[repr(align(16))]
struct Aligned16(u64);

fn main() {
    let rc: Rc<Aligned8> = Rc::new(Aligned8(42));
    let raw_ptr = Rc::into_raw(rc);

    unsafe {
        Rc::increment_strong_count(raw_ptr as *const Aligned16);
    }
}
```

Miri output:
```
error: Undefined Behavior: out-of-bounds pointer use: expected a pointer to 32 bytes of memory, but got alloc954 which is only 24 bytes from the end of the allocation
```

2025-03-16 09:40:06 +08:00

src

Rollup merge of #138303 - DiuDiu777:rc-fix, r=Mark-Simulacrum

2025-03-16 09:40:06 +08:00

Cargo.toml

Migrate alloc to Rust 2024

2025-03-11 09:46:34 -07:00