mirror of
https://github.com/nushell/nushell.git
synced 2024-11-22 00:13:21 +01:00
Improve safety of get_unchecked_str
in nu_system::macos
(#12550)
# Description The implementation of this function had a few issues before: - It didn't check that the `cp` pointer is actually ahead of the `start` pointer, so `len` could potentially underflow and wrap around, which would be a violation of memory safety - It used `Vec::from_raw_parts` even though the buffer is borrowed, not owned. Although `std::mem::forget` is used later to ensure the destructor doesn't run, there is a risk that the destructor would run if a panic happened during `String::from_utf8_unchecked`, which would lead to a `free()` of a pointer we don't own
This commit is contained in:
parent
9a739d9f0d
commit
b296d6ee3c
@ -146,11 +146,9 @@ pub struct PathInfo {
|
||||
|
||||
#[cfg_attr(tarpaulin, ignore)]
|
||||
unsafe fn get_unchecked_str(cp: *mut u8, start: *mut u8) -> String {
|
||||
let len = cp as usize - start as usize;
|
||||
let part = Vec::from_raw_parts(start, len, len);
|
||||
let tmp = String::from_utf8_unchecked(part.clone());
|
||||
::std::mem::forget(part);
|
||||
tmp
|
||||
let len = (cp as usize).saturating_sub(start as usize);
|
||||
let part = std::slice::from_raw_parts(start, len);
|
||||
String::from_utf8_unchecked(part.to_vec())
|
||||
}
|
||||
|
||||
#[cfg_attr(tarpaulin, ignore)]
|
||||
|
Loading…
Reference in New Issue
Block a user