[ https://issues.apache.org/jira/browse/ARROW-7624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17019793#comment-17019793 ]

Paddy Horan commented on ARROW-7624:
------------------------------------

Thanks for reporting this [~jturner314]. We recently had a discussion about these kinds of issues on the [mailing list|https://lists.apache.org/thread.html/r07f4ba469563a764d19fd08622adbcd0e3ac895a6e8165ae44b8dee8%40%3Cdev.arrow.apache.org%3E]. I'm going to start trying to clean them up soon.

> [Rust] Soundness issues via `Buffer` methods
> --------------------------------------------
>
>                 Key: ARROW-7624
>                 URL: https://issues.apache.org/jira/browse/ARROW-7624
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: Rust
>    Affects Versions: 0.15.1
>            Reporter: Jim Turner
>            Priority: Major
>
> This is my first time creating an issue, so please let me know if I need to do anything differently.
>
> There are a few soundness issues with the methods currently available on {{Buffer}}.
>
> # Using a combination of {{from_raw_parts}} and {{data}}/{{as_ref}}, e.g. {{Buffer::from_raw_parts(ptr, len).data()}}, it's possible to dereference arbitrary memory locations, break pointer aliasing rules, etc. To fix this, `from_raw_parts` needs to be `unsafe`, and the safety requirements on `ptr` and `len` should be specified. (For an example of a similar method in the standard library, see [{{std::slice::from_raw_parts}}|https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html].)
> # By implementing the {{ArrowNativeType}} trait on a struct, it's possible for a user to create invalid values of that struct using the {{typed_data}} method. To fix this, the {{ArrowNativeType}} trait needs to be {{unsafe}}, or users need to be prevented from implementing {{ArrowNativeType}} on arbitrary types. Alternatively, the {{typed_data}} method could be made unsafe.
> # It's possible to create invalid values of the {{bool}} type using {{typed_data}}. ([Values of {{bool}} must be {{0x00}} or {{0x01}}|https://doc.rust-lang.org/nomicon/what-unsafe-does.html]; arbitrary {{u8}} cannot safely be reinterpreted as {{bool}}.) To fix this, {{typed_data::<bool>()}} needs to iterate over all the data and check that all the elements are valid, or {{typed_data}} needs to be marked {{unsafe}}.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
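The two fixes proposed in points 2 and 3 of the quoted report, shown as an added example that is not Arrow's own code: an `unsafe` marker trait that only "any bit pattern is valid" types may implement, and a `bool` reinterpretation that scans the bytes first. The function names `typed_data` and `typed_bools` and the trait's implementors are assumptions for illustration.

```rust
// Added example (not Arrow's code). Names are assumed for illustration.

/// Marker for types where every bit pattern of the right size is a valid
/// value. `unsafe` so that implementors, not `typed_data`, take on that
/// obligation: a safe trait would let any struct become a reinterpretation
/// target (point 2 of the report).
pub unsafe trait ArrowNativeType: Copy {}
unsafe impl ArrowNativeType for u8 {}
unsafe impl ArrowNativeType for i32 {}
unsafe impl ArrowNativeType for f64 {}

/// Reinterpret a byte buffer as `&[T]`. Safe to call only because the
/// `ArrowNativeType` contract rules out invalid values; length and
/// alignment are checked here rather than trusted.
pub fn typed_data<T: ArrowNativeType>(bytes: &[u8]) -> Option<&[T]> {
    let size = std::mem::size_of::<T>();
    let aligned = (bytes.as_ptr() as usize) % std::mem::align_of::<T>() == 0;
    if size == 0 || bytes.len() % size != 0 || !aligned {
        return None;
    }
    // SAFETY: length is a multiple of size_of::<T>(), the pointer is
    // aligned, and every bit pattern is a valid T by the trait contract.
    let ptr = bytes.as_ptr() as *const T;
    Some(unsafe { std::slice::from_raw_parts(ptr, bytes.len() / size) })
}

/// `bool` deliberately does NOT implement the marker: only 0x00 and 0x01 are
/// valid, so the data must be scanned first (point 3). Any other byte
/// makes the whole reinterpretation fail instead of producing UB.
pub fn typed_bools(bytes: &[u8]) -> Option<&[bool]> {
    if !bytes.iter().all(|&b| b <= 1) {
        return None;
    }
    // SAFETY: every byte was just checked to be 0 or 1, the only valid
    // bool representations; bool has size and alignment 1.
    let ptr = bytes.as_ptr() as *const bool;
    Some(unsafe { std::slice::from_raw_parts(ptr, bytes.len()) })
}

fn main() {
    // Constructed sample input: a valid run and one with an invalid 0x02.
    assert_eq!(typed_bools(&[0, 1, 1, 0]), Some(&[false, true, true, false][..]));
    assert_eq!(typed_bools(&[0, 2]), None);
    assert_eq!(typed_data::<u8>(&[7, 8]), Some(&[7u8, 8][..]));
    println!("checked reinterpretation ok");
}
```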