Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removing use of mem::uninitialized from std::io::util #62657

Closed
wants to merge 2 commits into from
Closed

Removing use of mem::uninitialized from std::io::util #62657

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
282e27a
Removing use of mem::uninitialized from CloudABI and std::io::util
JulianGindi Jul 12, 2019
30e1435
backing out cloudabi changes, and removing uninit memory
JulianGindi Jul 13, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 2 additions & 7 deletions src/libstd/io/util.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

use crate::fmt;
use crate::io::{self, Read, Initializer, Write, ErrorKind, BufRead, IoSlice, IoSliceMut};
use crate::mem;

/// Copies the entire contents of a reader into a writer.
///
Expand Down Expand Up @@ -43,12 +42,8 @@ use crate::mem;
pub fn copy<R: ?Sized, W: ?Sized>(reader: &mut R, writer: &mut W) -> io::Result<u64>
where R: Read, W: Write
{
let mut buf = unsafe {
#[allow(deprecated)]
let mut buf: [u8; super::DEFAULT_BUF_SIZE] = mem::uninitialized();
reader.initializer().initialize(&mut buf);
buf
};

let mut buf: [u8; super::DEFAULT_BUF_SIZE] = [0; super::DEFAULT_BUF_SIZE];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The entire point of this method is to not zero-initialize. See the initializer docs.

You should create a MaybeUninit<[u8; ...]>, and then use &mut *buf.as_ptr_mut() and pass that to initialize. This is, technically, still wrong, but it is less wrong than the previous code. You should add a comment saying that this is UB because we create a reference to uninitialized data, but that we exploit the fact that we are libstd and can rely on more guarantees than "normal" libraries.

Cc rust-lang/unsafe-code-guidelines#90

This is all very subtle. There is a reason I marked the issue as "medium", not "easy". ;)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right, this one is probably outside my skill level currently. I'm sorry for taking up your time, but I do appreciate the bits of knowledge. I'm gonna grab some easier issues to start with. I'm happy to have this PR closed for now.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's okay, this happens. :) And no worries, this did not take much time on my end.


let mut written = 0;
loop {
Expand Down