FIX: Replace uses of <[T]>::get_unchecked_mut with raw pointer accessor

bluss · bluss · commit fd7232119105 · 2019-10-09T10:09:07.000+02:00
This is a soundness fix w.r.t unsafe coding guidelines.

In some of the instances, `get_unchecked_mut() -&gt; &amp;mut T as *mut T` was
used in places where the element was potentially uninitialized.

This was a problem in push. (Not a problem in IntoIter next/next_back,
where the whole range we're iterating is initialized).
diff --git a/src/lib.rs b/src/lib.rs
@@ -238,10 +238,15 @@ impl<A: Array> ArrayVec<A> {
     pub unsafe fn push_unchecked(&mut self, element: A::Item) {
         let len = self.len();
         debug_assert!(len < A::CAPACITY);
-        ptr::write(self.get_unchecked_mut(len), element);
+        ptr::write(self.get_unchecked_ptr(len), element);
         self.set_len(len + 1);
     }
 
+    /// Get pointer to where element at `index` would be
+    unsafe fn get_unchecked_ptr(&mut self, index: usize) -> *mut A::Item {
+        self.xs.ptr_mut().add(index)
+    }
+
     /// Insert `element` at position `index`.
     ///
     /// Shift up all elements after `index`.
@@ -299,7 +304,7 @@ impl<A: Array> ArrayVec<A> {
         unsafe { // infallible
             // The spot to put the new value
             {
-                let p: *mut _ = self.get_unchecked_mut(index);
+                let p: *mut _ = self.get_unchecked_ptr(index);
                 // Shift everything over to make space. (Duplicating the
                 // `index`th element into two consecutive places.)
                 ptr::copy(p, p.offset(1), len - index);
@@ -333,7 +338,7 @@ impl<A: Array> ArrayVec<A> {
         unsafe {
             let new_len = self.len() - 1;
             self.set_len(new_len);
-            Some(ptr::read(self.get_unchecked_mut(new_len)))
+            Some(ptr::read(self.get_unchecked_ptr(new_len)))
         }
     }
 
@@ -760,7 +765,7 @@ impl<A: Array> Iterator for IntoIter<A> {
             unsafe {
                 let index = self.index.to_usize();
                 self.index = Index::from(index + 1);
-                Some(ptr::read(self.v.get_unchecked_mut(index)))
+                Some(ptr::read(self.v.get_unchecked_ptr(index)))
             }
         }
     }
@@ -779,7 +784,7 @@ impl<A: Array> DoubleEndedIterator for IntoIter<A> {
             unsafe {
                 let new_len = self.v.len() - 1;
                 self.v.set_len(new_len);
-                Some(ptr::read(self.v.get_unchecked_mut(new_len)))
+                Some(ptr::read(self.v.get_unchecked_ptr(new_len)))
             }
         }
     }
@@ -795,7 +800,7 @@ impl<A: Array> Drop for IntoIter<A> {
         unsafe {
             self.v.set_len(0);
             let elements = slice::from_raw_parts_mut(
-                self.v.get_unchecked_mut(index),
+                self.v.get_unchecked_ptr(index),
                 len - index);
             ptr::drop_in_place(elements);
         }

Original file line number	Diff line number	Diff line change
`@@ -238,10 +238,15 @@ impl<A: Array> ArrayVec<A> {`
`238`	`238`	`pub unsafe fn push_unchecked(&mut self, element: A::Item) {`
`239`	`239`	`let len = self.len();`
`240`	`240`	`debug_assert!(len < A::CAPACITY);`
`241`		`- ptr::write(self.get_unchecked_mut(len), element);`
	`241`	`+ ptr::write(self.get_unchecked_ptr(len), element);`
`242`	`242`	`self.set_len(len + 1);`
`243`	`243`	`}`
`244`	`244`
	`245`	+ /// Get pointer to where element at `index` would be
	`246`	`+ unsafe fn get_unchecked_ptr(&mut self, index: usize) -> *mut A::Item {`
	`247`	`+ self.xs.ptr_mut().add(index)`
	`248`	`+ }`
	`249`	`+`
`245`	`250`	/// Insert `element` at position `index`.
`246`	`251`	`///`
`247`	`252`	/// Shift up all elements after `index`.
`@@ -299,7 +304,7 @@ impl<A: Array> ArrayVec<A> {`
`299`	`304`	`unsafe { // infallible`
`300`	`305`	`// The spot to put the new value`
`301`	`306`	`{`
`302`		`- let p: *mut _ = self.get_unchecked_mut(index);`
	`307`	`+ let p: *mut _ = self.get_unchecked_ptr(index);`
`303`	`308`	`// Shift everything over to make space. (Duplicating the`
`304`	`309`	// `index`th element into two consecutive places.)
`305`	`310`	`ptr::copy(p, p.offset(1), len - index);`
`@@ -333,7 +338,7 @@ impl<A: Array> ArrayVec<A> {`
`333`	`338`	`unsafe {`
`334`	`339`	`let new_len = self.len() - 1;`
`335`	`340`	`self.set_len(new_len);`
`336`		`- Some(ptr::read(self.get_unchecked_mut(new_len)))`
	`341`	`+ Some(ptr::read(self.get_unchecked_ptr(new_len)))`
`337`	`342`	`}`
`338`	`343`	`}`
`339`	`344`
`@@ -760,7 +765,7 @@ impl<A: Array> Iterator for IntoIter<A> {`
`760`	`765`	`unsafe {`
`761`	`766`	`let index = self.index.to_usize();`
`762`	`767`	`self.index = Index::from(index + 1);`
`763`		`- Some(ptr::read(self.v.get_unchecked_mut(index)))`
	`768`	`+ Some(ptr::read(self.v.get_unchecked_ptr(index)))`
`764`	`769`	`}`
`765`	`770`	`}`
`766`	`771`	`}`
`@@ -779,7 +784,7 @@ impl<A: Array> DoubleEndedIterator for IntoIter<A> {`
`779`	`784`	`unsafe {`
`780`	`785`	`let new_len = self.v.len() - 1;`
`781`	`786`	`self.v.set_len(new_len);`
`782`		`- Some(ptr::read(self.v.get_unchecked_mut(new_len)))`
	`787`	`+ Some(ptr::read(self.v.get_unchecked_ptr(new_len)))`
`783`	`788`	`}`
`784`	`789`	`}`
`785`	`790`	`}`
`@@ -795,7 +800,7 @@ impl<A: Array> Drop for IntoIter<A> {`
`795`	`800`	`unsafe {`
`796`	`801`	`self.v.set_len(0);`
`797`	`802`	`let elements = slice::from_raw_parts_mut(`
`798`		`- self.v.get_unchecked_mut(index),`
	`803`	`+ self.v.get_unchecked_ptr(index),`
`799`	`804`	`len - index);`
`800`	`805`	`ptr::drop_in_place(elements);`
`801`	`806`	`}`