Do we need even more aggressive validation? #508
aaand now I'm gonna make taking references to fields of

cc @Centril ralf found "the next hole". That didn't take very long.

Dear lord. =P

PS: I think we can treat these changes as rustc internals that are inconsequential wrt. the language team's review of exposed stable behavior (since it doesn't affect any stable behavior...).
Closing in favor of rust-lang/unsafe-code-guidelines#189: this is first and foremost a question of "what is the spec", not how to implement it. |
Currently, we do not catch this:

In the MIR, the `*xref = NonZero(0)` becomes an assignment of the only field of this struct, and that field is of type `i32`, and hence the value `0` is no problem. I could imagine doing validation of prefixes of the path involved in an assignment, but I see no way to catch the following:

This won't even be caught by @oli-obk's new unsafety check for constructing `NonZero`.

(The last example is not specific to `NonZero` at all; writing `2` into a `&mut bool` after casting it to `*mut u8` is similar.)
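The two writes the issue describes, as an added example that is not code from the issue or from Miri: a raw-pointer store into the `i32` field behind a `NonZero`, and a raw byte store into a `bool` through `*mut u8`. Both are the kind of write the type system cannot reject and that Miri's validation at the time did not see; here each is wrapped in an explicit check so the stored bit pattern stays inside the destination type's valid range. `std::num::NonZeroI32` stands in for the issue's `NonZero` struct; the function names (`write_nonzero_field`, `write_bool_byte`, `demo`) and the `InvalidBits` error type are this example's own.

```rust
use std::num::NonZeroI32;
use std::ptr;

/// Error for a raw write whose bit pattern is not a valid value of the
/// destination type (the rejected pattern is carried for reporting).
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidBits(pub u64);

/// Store `v` into the `i32` field behind a `NonZeroI32`, which is what
/// `*xref = NonZero(0)` lowers to: a write of the inner field. The write
/// goes through `*mut i32`, so nothing in the type system stops a zero;
/// the explicit check is what keeps the NonZero invariant intact.
pub fn write_nonzero_field(target: &mut NonZeroI32, v: i32) -> Result<(), InvalidBits> {
    if v == 0 {
        return Err(InvalidBits(0));
    }
    // SAFETY: NonZeroI32 is repr(transparent) over i32 with the same bit
    // validity except 0, the pointer comes from a live &mut, and v != 0
    // was checked above.
    unsafe { ptr::write(target as *mut NonZeroI32 as *mut i32, v) };
    Ok(())
}

/// Store a raw byte into a `bool` after casting `&mut bool` to `*mut u8`.
/// Only 0 and 1 are valid `bool` bit patterns; 2 (the value from the
/// issue) is rejected instead of written.
pub fn write_bool_byte(target: &mut bool, byte: u8) -> Result<(), InvalidBits> {
    if byte > 1 {
        return Err(InvalidBits(u64::from(byte)));
    }
    // SAFETY: bool is one byte, the pointer comes from a live &mut, and
    // byte is 0 or 1 (checked above).
    unsafe { ptr::write(target as *mut bool as *mut u8, byte) };
    Ok(())
}

/// Drives both writes with a valid and an invalid input each and returns
/// the resulting values plus the two rejections.
pub fn demo() -> (i32, bool, Result<(), InvalidBits>, Result<(), InvalidBits>) {
    let mut nz = NonZeroI32::new(1).unwrap();
    write_nonzero_field(&mut nz, 7).unwrap();
    let mut b = false;
    write_bool_byte(&mut b, 1).unwrap();
    let rejected_zero = write_nonzero_field(&mut nz, 0);
    let rejected_two = write_bool_byte(&mut b, 2);
    (nz.get(), b, rejected_zero, rejected_two)
}

fn main() {
    println!("{:?}", demo());
}
```

Dropping either `if` and calling the function with `0` or `2` produces exactly the invalid value the issue is about; that version is the one to run under Miri when checking whether the interpreter now flags the write.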