Fix dangling pointer bug for zero-sized reads

pvdrz · pvdrz · commit 9463c1624fbd · 2019-10-01T15:54:06.000-05:00
diff --git a/src/shims/io.rs b/src/shims/io.rs
@@ -156,15 +156,25 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         // Remove the file handle to avoid borrowing issues
         this.remove_handle_and(fd, |mut handle, this| {
             // Don't use `?` to avoid returning before reinserting the handle
-            let bytes = this
-                .memory_mut()
-                .get_mut(buf.alloc_id).and_then(|alloc|
-                    alloc.get_bytes_mut(tcx, buf, Size::from_bytes(count))
-                    .map(|buffer| handle.file.read(buffer).map(|bytes| bytes as i64))
-                );
+
+            let bytes = this.memory_mut().get_mut(buf.alloc_id).and_then(|alloc| {
+                if count != 0 {
+                    alloc
+                        .get_bytes_mut(tcx, buf, Size::from_bytes(count))
+                        .map(|buffer| handle.file.read(buffer))
+                } else {
+                    // Using `Allocation::get_bytes_mut` requires to actually put data into
+                    // the allocation even if we take 0 bytes of it. In that case we use an
+                    // empty buffer instead to avoid dangling pointers.
+                    let mut empty = Vec::new();
+                    let result = Ok(handle.file.read(empty.as_mut_slice()));
+                    assert!(empty.is_empty());
+                    result
+                }
+            });
             // Reinsert the file handle
             this.machine.file_handler.handles.insert(fd, handle);
-            this.consume_result(bytes?)
+            this.consume_result(bytes?.map(|bytes| bytes as i64))
         })
     }
 
diff --git a/tests/run-pass/file_read.rs b/tests/run-pass/file_read.rs
@@ -5,15 +5,17 @@ use std::fs::File;
 use std::io::{ Read, Write };
 
 fn main() {
-    // FIXME: remove the file and delete it when `rm` is implemented.
+    // FIXME: Remove the file when the required shims are implemented
+    let path = "./tests/hello.txt";
+    let bytes = b"Hello, World!\n";
 
     // Test creating, writing and closing a file (closing is tested when `file` is dropped).
-    let mut file = File::create("./tests/hello.txt").unwrap();
-    file.write(b"Hello, World!\n").unwrap();
+    let mut file = File::create(path).unwrap();
+    file.write(bytes).unwrap();
 
     // Test opening, reading and closing a file.
-    let mut file = File::open("./tests/hello.txt").unwrap();
-    let mut contents = String::new();
-    file.read_to_string(&mut contents).unwrap();
-    assert_eq!("Hello, World!\n", contents);
+    let mut file = File::open(path).unwrap();
+    let mut contents = Vec::new();
+    file.read(&mut contents).unwrap();
+    assert_eq!(bytes, contents.as_slice());
 }
