Uplift clippy::invalid_null_ptr_usage

Urgau · Urgau · commit 60377c0cfaec · 2023-12-22T17:44:15.000+01:00
diff --git a/compiler/rustc_lint/messages.ftl b/compiler/rustc_lint/messages.ftl
@@ -313,6 +313,9 @@ lint_invalid_nan_comparisons_eq_ne = incorrect NaN comparison, NaN cannot be dir
 
 lint_invalid_nan_comparisons_lt_le_gt_ge = incorrect NaN comparison, NaN is not orderable
 
+lint_invalid_null_ptr_usages = calling this function with a null pointer is undefined behavior, even if the result of the function is unused, consider using a dangling pointer instead
+    .suggestion = use a dangling pointer instead
+
 lint_invalid_reference_casting_assign_to_ref = assigning to `&T` is undefined behavior, consider using an `UnsafeCell`
     .label = casting happend here
 
diff --git a/compiler/rustc_lint/src/lints.rs b/compiler/rustc_lint/src/lints.rs
@@ -614,6 +614,28 @@ pub enum UselessPtrNullChecksDiag<'a> {
     FnRet { fn_name: Ident },
 }
 
+#[derive(LintDiagnostic)]
+#[diag(lint_invalid_null_ptr_usages)]
+pub struct InvalidNullPtrUsagesDiag<'a> {
+    #[subdiagnostic]
+    pub suggestion: InvalidNullPtrUsagesSuggestion<'a>,
+}
+
+#[derive(Subdiagnostic)]
+pub enum InvalidNullPtrUsagesSuggestion<'a> {
+    #[multipart_suggestion(lint_suggestion, applicability = "machine-applicable")]
+    WithoutExplicitType {
+        #[suggestion_part(code = "core::ptr::NonNull::dangling().as_ptr()")]
+        arg_span: Span,
+    },
+    #[multipart_suggestion(lint_suggestion, applicability = "machine-applicable")]
+    WithExplicitType {
+        ty: Ty<'a>,
+        #[suggestion_part(code = "core::ptr::NonNull::<{ty}>::dangling().as_ptr()")]
+        arg_span: Span,
+    },
+}
+
 // for_loops_over_fallibles.rs
 #[derive(LintDiagnostic)]
 #[diag(lint_for_loops_over_fallibles)]
diff --git a/compiler/rustc_lint/src/ptr_nulls.rs b/compiler/rustc_lint/src/ptr_nulls.rs
@@ -1,6 +1,11 @@
-use crate::{lints::UselessPtrNullChecksDiag, LateContext, LateLintPass, LintContext};
+use crate::{
+    lints::{InvalidNullPtrUsagesDiag, InvalidNullPtrUsagesSuggestion, UselessPtrNullChecksDiag},
+    reference_casting::peel_casts,
+    LateContext, LateLintPass, LintContext,
+};
 use rustc_ast::LitKind;
 use rustc_hir::{BinOpKind, Expr, ExprKind, TyKind};
+use rustc_middle::ty::{RawPtr, TypeAndMut};
 use rustc_session::{declare_lint, declare_lint_pass};
 use rustc_span::sym;
 
@@ -29,7 +34,30 @@ declare_lint! {
     "useless checking of non-null-typed pointer"
 }
 
-declare_lint_pass!(PtrNullChecks => [USELESS_PTR_NULL_CHECKS]);
+declare_lint! {
+    /// The `invalid_null_ptr_usages` lint checks for invalid usage of null pointers.
+    ///
+    /// ### Example
+    ///
+    /// ```rust,compile_fail
+    /// # use std::{slice, ptr};
+    /// // Undefined behavior
+    /// # let _slice: &[u8] =
+    /// unsafe { slice::from_raw_parts(ptr::null(), 0) };
+    /// ```
+    ///
+    /// {{produces}}
+    ///
+    /// ### Explanation
+    ///
+    /// Calling methods whos safety invariants requires non-null ptr with a null-ptr
+    /// is undefined behavior.
+    INVALID_NULL_PTR_USAGES,
+    Deny,
+    "invalid call with null ptr"
+}
+
+declare_lint_pass!(PtrNullChecks => [USELESS_PTR_NULL_CHECKS, INVALID_NULL_PTR_USAGES]);
 
 /// This function checks if the expression is from a series of consecutive casts,
 /// ie. `(my_fn as *const _ as *mut _).cast_mut()` and whether the original expression is either
@@ -83,6 +111,24 @@ fn useless_check<'a, 'tcx: 'a>(
     }
 }
 
+fn is_null_ptr<'tcx>(cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) -> bool {
+    let (expr, _) = peel_casts(cx, expr);
+
+    if let ExprKind::Call(path, []) = expr.kind
+        && let ExprKind::Path(ref qpath) = path.kind
+        && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()
+        && let Some(diag_item) = cx.tcx.get_diagnostic_name(def_id)
+    {
+        diag_item == sym::ptr_null || diag_item == sym::ptr_null_mut
+    } else if let ExprKind::Lit(spanned) = expr.kind
+        && let LitKind::Int(v, _) = spanned.node
+    {
+        v == 0
+    } else {
+        false
+    }
+}
+
 impl<'tcx> LateLintPass<'tcx> for PtrNullChecks {
     fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) {
         match expr.kind {
@@ -100,6 +146,54 @@ impl<'tcx> LateLintPass<'tcx> for PtrNullChecks {
                 cx.emit_spanned_lint(USELESS_PTR_NULL_CHECKS, expr.span, diag)
             }
 
+            // Catching:
+            // <path>(arg...) where `arg` is null-ptr and `path` is a fn that expect non-null-ptr
+            ExprKind::Call(path, args)
+                if let ExprKind::Path(ref qpath) = path.kind
+                    && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()
+                    && let Some(diag_name) = cx.tcx.get_diagnostic_name(def_id) =>
+            {
+                // `arg` positions where null would cause U.B.
+                let arg_indices: &[_] = match diag_name {
+                    sym::ptr_read
+                    | sym::ptr_read_unaligned
+                    | sym::ptr_read_volatile
+                    | sym::ptr_replace
+                    | sym::ptr_write
+                    | sym::ptr_write_bytes
+                    | sym::ptr_write_unaligned
+                    | sym::ptr_write_volatile
+                    | sym::slice_from_raw_parts
+                    | sym::slice_from_raw_parts_mut => &[0],
+                    sym::ptr_copy
+                    | sym::ptr_copy_nonoverlapping
+                    | sym::ptr_swap
+                    | sym::ptr_swap_nonoverlapping => &[0, 1],
+                    _ => return,
+                };
+
+                for &arg_idx in arg_indices {
+                    if let Some(arg) = args.get(arg_idx).filter(|arg| is_null_ptr(cx, arg)) {
+                        let arg_span = arg.span;
+
+                        let suggestion = if let ExprKind::Cast(..) = arg.peel_blocks().kind
+                            && let Some(ty) = cx.typeck_results().expr_ty_opt(arg)
+                            && let RawPtr(TypeAndMut { ty, .. }) = ty.kind()
+                        {
+                            InvalidNullPtrUsagesSuggestion::WithExplicitType { ty: *ty, arg_span }
+                        } else {
+                            InvalidNullPtrUsagesSuggestion::WithoutExplicitType { arg_span }
+                        };
+
+                        cx.emit_spanned_lint(
+                            INVALID_NULL_PTR_USAGES,
+                            expr.span,
+                            InvalidNullPtrUsagesDiag { suggestion },
+                        )
+                    }
+                }
+            }
+
             // Catching:
             // (fn_ptr as *<const/mut> <ty>).is_null()
             ExprKind::MethodCall(_, receiver, _, _)
diff --git a/tests/ui/lint/invalid_null_ptr_usages.fixed b/tests/ui/lint/invalid_null_ptr_usages.fixed
@@ -0,0 +1,86 @@
+// check-fail
+// run-rustfix
+
+use std::ptr;
+use std::mem;
+
+unsafe fn null_ptr() {
+    ptr::write(
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+        core::ptr::NonNull::<u32>::dangling().as_ptr(),
+        mem::transmute::<[u8; 4], _>([0, 0, 0, 255]),
+    );
+
+    let _: &[usize] = std::slice::from_raw_parts(core::ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _: &[usize] = std::slice::from_raw_parts(core::ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _: &[usize] = std::slice::from_raw_parts(core::ptr::NonNull::<usize>::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _: &[usize] = std::slice::from_raw_parts(core::ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _: &[usize] = std::slice::from_raw_parts_mut(core::ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::copy::<usize>(core::ptr::NonNull::dangling().as_ptr(), ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::copy::<usize>(ptr::NonNull::dangling().as_ptr(), core::ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::copy_nonoverlapping::<usize>(core::ptr::NonNull::dangling().as_ptr(), ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::copy_nonoverlapping::<usize>(
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+        ptr::NonNull::dangling().as_ptr(),
+        core::ptr::NonNull::dangling().as_ptr(),
+        0
+    );
+
+    struct A; // zero sized struct
+    assert_eq!(std::mem::size_of::<A>(), 0);
+
+    let _a: A = ptr::read(core::ptr::NonNull::dangling().as_ptr());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _a: A = ptr::read(core::ptr::NonNull::dangling().as_ptr());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _a: A = ptr::read_unaligned(core::ptr::NonNull::dangling().as_ptr());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _a: A = ptr::read_unaligned(core::ptr::NonNull::dangling().as_ptr());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _a: A = ptr::read_volatile(core::ptr::NonNull::dangling().as_ptr());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _a: A = ptr::read_volatile(core::ptr::NonNull::dangling().as_ptr());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _a: A = ptr::replace(core::ptr::NonNull::dangling().as_ptr(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::swap::<A>(core::ptr::NonNull::dangling().as_ptr(), &mut A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::swap::<A>(&mut A, core::ptr::NonNull::dangling().as_ptr());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::swap_nonoverlapping::<A>(core::ptr::NonNull::dangling().as_ptr(), &mut A, 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::swap_nonoverlapping::<A>(&mut A, core::ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write(core::ptr::NonNull::dangling().as_ptr(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write_unaligned(core::ptr::NonNull::dangling().as_ptr(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write_volatile(core::ptr::NonNull::dangling().as_ptr(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write_bytes::<usize>(core::ptr::NonNull::dangling().as_ptr(), 42, 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+}
+
+fn main() {
+    unsafe { null_ptr() };
+}
diff --git a/tests/ui/lint/invalid_null_ptr_usages.rs b/tests/ui/lint/invalid_null_ptr_usages.rs
@@ -0,0 +1,86 @@
+// check-fail
+// run-rustfix
+
+use std::ptr;
+use std::mem;
+
+unsafe fn null_ptr() {
+    ptr::write(
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+        ptr::null_mut() as *mut u32,
+        mem::transmute::<[u8; 4], _>([0, 0, 0, 255]),
+    );
+
+    let _: &[usize] = std::slice::from_raw_parts(ptr::null(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _: &[usize] = std::slice::from_raw_parts(ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _: &[usize] = std::slice::from_raw_parts(0 as *mut _, 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _: &[usize] = std::slice::from_raw_parts(mem::transmute(0usize), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _: &[usize] = std::slice::from_raw_parts_mut(ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::copy::<usize>(ptr::null(), ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::copy::<usize>(ptr::NonNull::dangling().as_ptr(), ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::copy_nonoverlapping::<usize>(ptr::null(), ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::copy_nonoverlapping::<usize>(
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+        ptr::NonNull::dangling().as_ptr(),
+        ptr::null_mut(),
+        0
+    );
+
+    struct A; // zero sized struct
+    assert_eq!(std::mem::size_of::<A>(), 0);
+
+    let _a: A = ptr::read(ptr::null());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _a: A = ptr::read(ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _a: A = ptr::read_unaligned(ptr::null());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _a: A = ptr::read_unaligned(ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _a: A = ptr::read_volatile(ptr::null());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    let _a: A = ptr::read_volatile(ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    let _a: A = ptr::replace(ptr::null_mut(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::swap::<A>(ptr::null_mut(), &mut A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::swap::<A>(&mut A, ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::swap_nonoverlapping::<A>(ptr::null_mut(), &mut A, 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+    ptr::swap_nonoverlapping::<A>(&mut A, ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write(ptr::null_mut(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write_unaligned(ptr::null_mut(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write_volatile(ptr::null_mut(), A);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+
+    ptr::write_bytes::<usize>(ptr::null_mut(), 42, 0);
+    //~^ ERROR calling this function with a null pointer is undefined behavior
+}
+
+fn main() {
+    unsafe { null_ptr() };
+}
diff --git a/tests/ui/lint/invalid_null_ptr_usages.stderr b/tests/ui/lint/invalid_null_ptr_usages.stderr
