dnrops
/
rust
mirror of https://github.com/rust-lang/rust.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rollup merge of #130239 - RalfJung:miri-ptr-offset-unsigned, r=compiler-errors 

miri: fix overflow detection for unsigned pointer offset

This is the Miri part of https://github.com/rust-lang/rust/pull/130229. This is already UB in codegen so we better make Miri detect it; updating the docs may take time if we have to follow some approval process, but let's make Miri match reality ASAP.

r? ``@scottmcm``
This commit is contained in:
Jubilee 2024-09-11 15:53:24 -07:00 committed by GitHub
parent 1e3d1ad4bc 3842ea671b
commit 142598214c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
compiler/rustc_const_eval/src/interpret/operator.rs
View File

@ -303,8 +303,10 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
let pointee_layout = self.layout_of(pointee_ty)?; let pointee_layout = self.layout_of(pointee_ty)?;
assert!(pointee_layout.abi.is_sized()); assert!(pointee_layout.abi.is_sized());
// We cannot overflow i64 as a type's size must be <= isize::MAX. // The size always fits in `i64` as it can be at most `isize::MAX`.
let pointee_size = i64::try_from(pointee_layout.size.bytes()).unwrap(); let pointee_size = i64::try_from(pointee_layout.size.bytes()).unwrap();
// This uses the same type as `right`, which can be `isize` or `usize`.
// `pointee_size` is guaranteed to fit into both types.
let pointee_size = ImmTy::from_int(pointee_size, right.layout); let pointee_size = ImmTy::from_int(pointee_size, right.layout);
// Multiply element size and element count. // Multiply element size and element count.
let (val, overflowed) = self let (val, overflowed) = self
@ -316,6 +318,11 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
} }
let offset_bytes = val.to_target_isize(self)?; let offset_bytes = val.to_target_isize(self)?;
if !right.layout.abi.is_signed() && offset_bytes < 0 {
// We were supposed to do an unsigned offset but the result is negative -- this
// can only mean that the cast wrapped around.
throw_ub!(PointerArithOverflow)
}
let offset_ptr = self.ptr_offset_inbounds(ptr, offset_bytes)?; let offset_ptr = self.ptr_offset_inbounds(ptr, offset_bytes)?;
Ok(ImmTy::from_scalar(Scalar::from_maybe_pointer(offset_ptr, self), left.layout)) Ok(ImmTy::from_scalar(Scalar::from_maybe_pointer(offset_ptr, self), left.layout))
} }

7
src/tools/miri/tests/fail/intrinsics/ptr_offset_unsigned_overflow.rs Normal file
View File

@ -0,0 +1,7 @@
fn main() {
let x = &[0i32; 2];
let x = x.as_ptr().wrapping_add(1);
// If the `!0` is interpreted as `isize`, it is just `-1` and hence harmless.
// However, this is unsigned arithmetic, so really this is `usize::MAX` and hence UB.
unsafe { x.byte_add(!0).read() }; //~ERROR: does not fit in an `isize`
}

15
src/tools/miri/tests/fail/intrinsics/ptr_offset_unsigned_overflow.stderr Normal file
View File

@ -0,0 +1,15 @@
error: Undefined Behavior: overflowing pointer arithmetic: the total offset in bytes does not fit in an `isize`
--> $DIR/ptr_offset_unsigned_overflow.rs:LL:CC
|
LL | unsafe { x.byte_add(!0).read() };
| ^^^^^^^^^^^^^^ overflowing pointer arithmetic: the total offset in bytes does not fit in an `isize`
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: BACKTRACE:
= note: inside `main` at $DIR/ptr_offset_unsigned_overflow.rs:LL:CC
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to 1 previous error