Message-ID: <CABeNrKWn4_qsAE2pqgGwVuspf7wnzT=xe_hZpuy-0HVTLD92DQ@mail.gmail.com>
Date: Mon, 28 Jul 2025 14:21:25 -0700
From: "K. York" <kanepyork@...il.com>
To: Christian <christiansantoslima21@...il.com>
Cc: a.hindborg@...nel.org, alex.gaynor@...il.com, aliceryhl@...gle.com, 
	benno.lossin@...ton.me, bjorn3_gh@...tonmail.com, boqun.feng@...il.com, 
	dakr@...nel.org, gary@...yguo.net, linux-kernel@...r.kernel.org, 
	ojeda@...nel.org, richard120310@...il.com, rust-for-linux@...r.kernel.org, 
	tmgross@...ch.edu, ~lkcamp/patches@...ts.sr.ht
Subject: Re: [PATCH v8] rust: transmute: Add methods for FromBytes trait

On Mon, Jul 28, 2025, 12:39 Christian <christiansantoslima21@...il.com> wrote:
>
> Hi, Kane.
>
> > > +// SAFETY: If all bit patterns are acceptable for individual values in an array, then all bit
> > > +// patterns are also acceptable for arrays of that type.
> > > +unsafe impl<T: FromBytes> FromBytes for [T] {
> > > +    fn from_bytes(bytes: &[u8]) -> Option<&Self> {
> > > +        let slice_ptr = bytes.as_ptr().cast::<T>();
> > > +        if bytes.len() % ::core::mem::size_of::<T>() == 0 && slice_ptr.is_aligned() {
> > > +            // SAFETY: Since the code checks the size and alignment, the slice is valid.
> > > +            unsafe { Some(::core::slice::from_raw_parts(slice_ptr, bytes.len())) }
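Review bot: In the `from_raw_parts` call, `bytes.len()` is passed as `len`, but that parameter counts elements of `T`, so for any `T` wider than one byte the returned slice covers memory past the end of `bytes`. Pass `bytes.len() / ::core::mem::size_of::<T>()` instead, reject zero-sized `T` before the `%` (which otherwise divides by zero), and extend the SAFETY comment to say why the element count stays inside the buffer.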
> >
> > This is incorrect -- the second argument to slice::from_raw_parts is the
> > element count, not the byte count.
>
> I don't understand, did you mean that the safety comment should be
> changed or the argument? If you can explain in more detail.

The code is wrong, and the comments should be changed to match.
The documentation for the function says:

`pub const unsafe fn from_raw_parts<'a, T>(data: *const T, len: usize) -> &'a [T]`

> Forms a slice from a pointer and a length.

> The len argument is the number of **elements**, not the number of bytes.

The code is wrong for any type that is not 1 byte in size. The len
argument should be `bytes.len() / ::core::mem::size_of::<T>()`.

The code will also panic the kernel for any type that is 0 bytes in
size in the % above.
I'd probably choose a build assert
(`const { if size == 0 { panic!(...) } }`) for this.

>
> Thanks,
> Christian
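
The conversion with both points from this message applied, as an added example that is not part of the original email or the patch. It is a user-space sketch: `AnyBitPattern`, `slice_from_bytes` and `Aligned` are hypothetical names standing in for the kernel's `FromBytes` machinery, and the sample bytes are constructed.

```rust
use core::mem::size_of;

/// Hypothetical marker: every bit pattern is a valid value of the type.
/// Stand-in for the kernel's `FromBytes`, which is unavailable in user space.
unsafe trait AnyBitPattern: Sized {}
unsafe impl AnyBitPattern for u8 {}
unsafe impl AnyBitPattern for u32 {}

/// Hypothetical helper: reinterpret `bytes` as a slice of `T`, or `None` if
/// the length or alignment does not fit.
fn slice_from_bytes<T: AnyBitPattern>(bytes: &[u8]) -> Option<&[T]> {
    // Build-time check: a zero-sized `T` would make `%` and `/` below divide by zero.
    const { assert!(size_of::<T>() != 0, "zero-sized T is not supported") };

    let ptr = bytes.as_ptr().cast::<T>();
    if bytes.len() % size_of::<T>() != 0 || !ptr.is_aligned() {
        return None;
    }
    // `from_raw_parts` takes the number of elements, not the number of bytes.
    let count = bytes.len() / size_of::<T>();
    // SAFETY: `ptr` is aligned for `T`, `count * size_of::<T>()` equals
    // `bytes.len()` so the slice stays inside the borrowed buffer, and every
    // bit pattern is a valid `T` by the `AnyBitPattern` contract.
    Some(unsafe { core::slice::from_raw_parts(ptr, count) })
}

/// Constructed test buffer with 4-byte alignment so the `u32` view can succeed.
#[repr(C, align(4))]
struct Aligned([u8; 8]);

fn main() {
    let buf = Aligned([1, 0, 0, 0, 2, 0, 0, 0]); // constructed sample input
    let words = slice_from_bytes::<u32>(&buf.0).expect("aligned, multiple of 4");
    println!("{} elements from {} bytes", words.len(), buf.0.len());
    // Length not a multiple of 4, then a misaligned start: both are rejected.
    println!("{:?}", slice_from_bytes::<u32>(&buf.0[..6]).map(<[u32]>::len));
    println!("{:?}", slice_from_bytes::<u32>(&buf.0[1..5]).map(<[u32]>::len));
}
```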
