[ 
https://issues.apache.org/jira/browse/ARROW-7624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17019793#comment-17019793
 ] 

Paddy Horan commented on ARROW-7624:
------------------------------------

Thanks for reporting this [~jturner314].

We recently had a discussion about these kinds of issues on the [mailing list|https://lists.apache.org/thread.html/r07f4ba469563a764d19fd08622adbcd0e3ac895a6e8165ae44b8dee8%40%3Cdev.arrow.apache.org%3E]. I'm going to start trying to clean them up soon.

> [Rust] Soundness issues via `Buffer` methods
> --------------------------------------------
>
>                 Key: ARROW-7624
>                 URL: https://issues.apache.org/jira/browse/ARROW-7624
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: Rust
>    Affects Versions: 0.15.1
>            Reporter: Jim Turner
>            Priority: Major
>
> This is my first time creating an issue, so please let me know if I need to 
> do anything differently.
> There are a few soundness issues with the methods currently available on 
> {{Buffer}}.
>  # Using a combination of {{from_raw_parts}} and {{data}}/{{as_ref}}, e.g. 
> {{Buffer::from_raw_parts(ptr, len).data()}}, it's possible to dereference 
> arbitrary memory locations, break pointer aliasing rules, etc. To fix this, 
> `from_raw_parts` needs to be `unsafe`, and the safety requirements on `ptr` 
> and `len` should be specified. (For an example of a similar method in the 
> standard library, see 
> [{{std::slice::from_raw_parts}}|https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html].)
>  # By implementing the {{ArrowNativeType}} trait on a struct, it's possible 
> for a user to create invalid values of that struct using the {{typed_data}} 
> method. To fix this, the {{ArrowNativeType}} trait needs to be {{unsafe}}, or 
> users need to be prevented from implementing {{ArrowNativeType}} on arbitrary 
> types. Alternatively, the {{typed_data}} method could be made unsafe.
>  # It's possible to create invalid values of the {{bool}} type using 
> {{typed_data}}. ([Values of {{bool}} must be {{0x00}} or 
> {{0x01}}|https://doc.rust-lang.org/nomicon/what-unsafe-does.html]; arbitrary 
> {{u8}} cannot safely be reinterpreted as {{bool}}.) To fix this, 
> {{typed_data::<bool>()}} needs to iterate over all the data and check that 
> all the elements are valid, or {{typed_data}} needs to be marked {{unsafe}}.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)