Fix undefined behavior in CDFContextLogOps
Calling Vec::get_unchecked_mut() with an out-of-bounds index is
undefined behavior even if the resulting reference is not used.
CodesInChaos authored Mar 19, 2023
1 parent d5fda2d commit 92ed4e8
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/context/cdf_context.rs
Expand Up @@ -600,7 +600,7 @@ trait CDFContextLogOps: CDFContextLogSize {
let new_len = len + Self::CDF_LEN_MAX + 1;
let capacity = log.data.capacity();
debug_assert!(new_len <= capacity);
let dst = log.data.get_unchecked_mut(len) as *mut u16;
let dst = log.data.as_mut_ptr().add(len);
dst.copy_from_nonoverlapping(cdf.as_ptr(), Self::CDF_LEN_MAX);
*dst.add(Self::CDF_LEN_MAX) = offset as u16;
log.data.set_len(new_len);
Expand All @@ -618,7 +618,7 @@ trait CDFContextLogOps: CDFContextLogSize {
// SAFETY: We use unchecked pointers here for performance.
// Since we know the length, we can ensure not to go OOB.
unsafe {
let mut src = log.data.get_unchecked_mut(len) as *mut u16;
let mut src = log.data.as_mut_ptr().add(len);
while len > checkpoint {
len -= Self::CDF_LEN_MAX + 1;
src = src.sub(Self::CDF_LEN_MAX + 1);
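Review bot: In the first hunk (`@@ -600`), the only visible guard on the write through `dst` is `debug_assert!(new_len <= capacity);`, which is compiled out of release builds, so memory safety there rests on an invariant this hunk does not show being enforced. The replacement line no longer creates an out-of-bounds reference, but `copy_from_nonoverlapping` and `*dst.add(Self::CDF_LEN_MAX)` still write `Self::CDF_LEN_MAX + 1` elements starting at `len`, and the copy also assumes `cdf` has at least `Self::CDF_LEN_MAX` readable elements. If the caller is what reserves the spare capacity, I would state that next to the unsafe code, e.g. `// SAFETY: caller reserved >= CDF_LEN_MAX + 1 spare elements past len; cdf holds >= CDF_LEN_MAX elements.`, and consider promoting the check to `assert!` if profiling allows. The function starts and ends outside the hunk, so a SAFETY comment above it may already cover part of this.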
