Fix dangling pointer bug for zero-sized reads

Author: pvdrz

src/shims/io.rs

@@ -150,21 +150,27 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         let tcx = &{ this.tcx.tcx };
 
         let fd = this.read_scalar(fd_op)?.to_i32()?;
-        let buf = this.force_ptr(this.read_scalar(buf_op)?.not_undef()?)?;
+        let buf_scalar = this.read_scalar(buf_op)?.not_undef()?;
         let count = this.read_scalar(count_op)?.to_usize(&*this.tcx)?;
 
         // Remove the file handle to avoid borrowing issues
         this.remove_handle_and(fd, |mut handle, this| {
             // Don't use `?` to avoid returning before reinserting the handle
-            let bytes = this
-                .memory_mut()
-                .get_mut(buf.alloc_id).and_then(|alloc|
-                    alloc.get_bytes_mut(tcx, buf, Size::from_bytes(count))
-                    .map(|buffer| handle.file.read(buffer).map(|bytes| bytes as i64))
-                );
+            let bytes =
+            if count == 0 {
+                Ok(handle.file.read(&mut []))
+            } else {
+                this.force_ptr(buf_scalar).and_then(|buf| this
+                    .memory_mut()
+                    .get_mut(buf.alloc_id).and_then(|alloc|
+                        alloc.get_bytes_mut(tcx, buf, Size::from_bytes(count))
+                        .map(|buffer| handle.file.read(buffer))
+                    ))
+
+            };
             // Reinsert the file handle
             this.machine.file_handler.handles.insert(fd, handle);
-            this.consume_result(bytes?)
+            this.consume_result(bytes?.map(|bytes| bytes as i64))
         })
     }
 

tests/run-pass/file_read.rs

@@ -6,14 +6,18 @@ use std::io::{ Read, Write };
 
 fn main() {
     // FIXME: remove the file and delete it when `rm` is implemented.
-
+    let path = "./tests/hello.txt";
+    let bytes = b"Hello, World!\n";
     // Test creating, writing and closing a file (closing is tested when `file` is dropped).
-    let mut file = File::create("./tests/hello.txt").unwrap();
-    file.write(b"Hello, World!\n").unwrap();
-
+    let mut file = File::create(path).unwrap();
+    file.write(bytes).unwrap();
     // Test opening, reading and closing a file.
-    let mut file = File::open("./tests/hello.txt").unwrap();
-    let mut contents = String::new();
-    file.read_to_string(&mut contents).unwrap();
-    assert_eq!("Hello, World!\n", contents);
+    let mut file = File::open(path).unwrap();
+    let mut contents = Vec::new();
+    // Reading 0 bytes should not fill `contents`.
+    file.read(&mut contents).unwrap();
+    assert!(contents.is_empty());
+    // Reading until EOF should get the whole text.
+    file.read_to_end(&mut contents).unwrap();
+    assert_eq!(bytes, contents.as_slice());
 }