m4sterchain commented on code in PR #235:
URL: https://github.com/apache/teaclave-trustzone-sdk/pull/235#discussion_r2382096237
##########
optee-teec/macros/src/lib.rs:
##########
@@ -129,11 +123,18 @@ pub fn plugin_invoke(_args: TokenStream, input:
TokenStream) -> TokenStream {
.into_token_stream();
quote!(
- // temporary workaround for this error:
- // error: this public function might dereference a raw pointer but is
not marked `unsafe`
- // should remove this allow macro when fix clippy errors of optee-*
crates
- #[allow(clippy::not_unsafe_ptr_arg_deref)]
- pub fn _plugin_invoke(
+ /// # Safety
+ ///
+ /// This function is unsafe because it:
+ /// - Dereferences raw pointers `data` and `out_len`
+ /// - Creates a mutable slice from raw parts using `data` and `in_len`
+ /// - Copies data to the raw pointer `data`
+ ///
+ /// The caller must ensure that:
+ /// - `data` points to valid memory for at least `in_len` bytes
+ /// - `out_len` points to valid memory for a `u32`
+ /// - `data` has enough capacity for the output data
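Review bot: The last bullet of the new `# Safety` section, "`data` has enough capacity for the output data", is a precondition the caller cannot uphold, because the output size is decided by the plugin after the call is made; the generated body should bound the copy itself (compare the produced length against `in_len` before copying, and return an error or write the required size through `out_len` when it does not fit) rather than push that onto the contract. Two preconditions are also missing: `slice::from_raw_parts_mut` requires a non-null, aligned pointer even for a zero-length slice, so the contract should state that `data` and `out_len` are non-null (or the wrapper should reject null and `in_len == 0` explicitly before building the slice). Finally, dropping `#[allow(clippy::not_unsafe_ptr_arg_deref)]` is only right if the removed `pub fn _plugin_invoke(` line becomes `pub unsafe fn`; that replacement line is not in this hunk, so please confirm the signature change landed with it.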
Review Comment:
Security assumptions need to be discussed and highlighted at least in the
following scenarios:
- Whether `data` can be null, or `in_len` can be 0
- Whether `outslice` and data can have overlap
- Whether `outslice.len()` can be greater than `in_len`
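The three scenarios above, worked through in an added example that is not code from the PR or from the optee-teec crate: a hypothetical checked wrapper shaped like the generated `_plugin_invoke` (its `Handler` type, result codes and short-buffer behaviour are assumptions for this illustration) that rejects null and zero-length input before any dereference, bounds the output copy by `in_len`, and makes `outslice`/`data` overlap impossible by having the handler return an owned buffer.

```rust
use std::slice;

/// Result codes (constructed for this example; the real plugin ABI returns
/// TEE result codes, which the PR hunk does not show).
pub const OK: u32 = 0;
pub const ERR_BAD_PARAMETERS: u32 = 1;
pub const ERR_SHORT_BUFFER: u32 = 2;

/// A plugin handler takes a shared view of the input and returns an owned
/// output. Returning an owned `Vec` rather than a sub-slice of the input
/// rules out the `outslice`/`data` overlap case by construction.
pub type Handler = fn(&[u8]) -> Vec<u8>;

/// Hypothetical checked wrapper shaped like the generated `_plugin_invoke`:
/// `data` is an in/out buffer of `in_len` bytes and the produced length is
/// written back through `out_len`.
///
/// # Safety
/// If non-null, `data` must be valid for reads and writes of `in_len` bytes
/// and `out_len` must be valid for a `u32` write. Null pointers and a zero
/// `in_len` are rejected before any dereference, since
/// `slice::from_raw_parts_mut` requires a non-null, aligned pointer even
/// for an empty slice.
pub unsafe fn plugin_invoke_checked(
    data: *mut u8,
    in_len: u32,
    out_len: *mut u32,
    handler: Handler,
) -> u32 {
    if data.is_null() || out_len.is_null() || in_len == 0 {
        return ERR_BAD_PARAMETERS;
    }
    // SAFETY: non-null and in_len > 0 were checked above; validity for
    // `in_len` bytes is the caller's documented obligation.
    let buf = unsafe { slice::from_raw_parts_mut(data, in_len as usize) };
    let out = handler(buf);
    let produced = u32::try_from(out.len()).unwrap_or(u32::MAX);
    if out.len() > buf.len() {
        // Output does not fit in `data`: report the size needed and leave
        // the buffer untouched (a short-buffer convention assumed here).
        // SAFETY: out_len is non-null (checked) and valid per the contract.
        unsafe { *out_len = produced };
        return ERR_SHORT_BUFFER;
    }
    buf[..out.len()].copy_from_slice(&out);
    // SAFETY: same as above.
    unsafe { *out_len = produced };
    OK
}
```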
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.