Mark covmap functions as unsafe #3435
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
hey could you run scripts/fmt_all.sh to format your changes |
lewismosciski
force-pushed
the
fix-covmap-soundness
branch
2 times, most recently
from
56fe1f3 to
973c970
Compare
lewismosciski
force-pushed
the
fix-covmap-soundness
branch
from
973c970 to
9248555
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fixes #3417
This PR addresses the soundness bug identified in issue #3417, where the
safefunctionscovmap_is_interesting_simdandcovmap_is_interesting_naivecould cause Undefined Behavior.Problem:
These functions use
get_uncheckedbased on an assumption thathist.len() >= map.len(). If this invariant is violated by a caller, it results in an out-of-bounds memory access, which is UB in a safe function.Solution:
This patch resolves the soundness issue by:
unsafe.# Safetysection to their documentation, clearly stating the required invariant for callers.unsafeblocks with comments justifying their safety.Checklist