Jim Turner created ARROW-7624:
---------------------------------

             Summary: [Rust] Soundness issues via `Buffer` methods
                 Key: ARROW-7624
                 URL: https://issues.apache.org/jira/browse/ARROW-7624
             Project: Apache Arrow
          Issue Type: Bug
          Components: Rust
    Affects Versions: 0.15.1
            Reporter: Jim Turner


This is my first time creating an issue, so please let me know if I need to do 
anything differently.

There are a few soundness issues with the methods currently available on 
{{Buffer}}.
 # Using a combination of {{from_raw_parts}} and {{data}}/{{as_ref}}, e.g. 
{{Buffer::from_raw_parts(ptr, len).data()}}, it's possible to dereference 
arbitrary memory locations, break pointer aliasing rules, etc. To fix this, 
{{from_raw_parts}} needs to be {{unsafe}}, and the safety requirements on {{ptr}} and 
{{len}} should be specified. (For an example of a similar method in the standard 
library, see 
[{{std::slice::from_raw_parts}}|https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html].)
 # By implementing the {{ArrowNativeType}} trait on a struct, it's possible for 
a user to create invalid values of that struct using the {{typed_data}} method. 
To fix this, the {{ArrowNativeType}} trait needs to be {{unsafe}}, or users 
need to be prevented from implementing {{ArrowNativeType}} on arbitrary types. 
Alternatively, the {{typed_data}} method could be made unsafe.
 # It's possible to create invalid values of the {{bool}} type using 
{{typed_data}}. ([Values of {{bool}} must be {{0x00}} or 
{{0x01}}|https://doc.rust-lang.org/nomicon/what-unsafe-does.html]; arbitrary 
{{u8}} cannot safely be reinterpreted as {{bool}}.) To fix this, 
{{typed_data::<bool>()}} needs to iterate over all the data and check that all 
the elements are valid, or {{typed_data}} needs to be marked {{unsafe}}.
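The three fixes the report asks for, written out as an added example against a toy buffer type (this is illustration code, not Apache Arrow's `Buffer`; the names `Buffer`, `BufferError`, `from_vec` and `typed_data_bool` are this example's own assumptions): an `unsafe fn from_raw_parts` with a documented safety contract, an `unsafe trait ArrowNativeType` so that only types for which every bit pattern is valid can be viewed through `typed_data`, and a checked `bool` view that rejects any byte other than {{0x00}}/{{0x01}} before reinterpreting.

```rust
use std::sync::Arc;

/// Toy immutable byte buffer (added illustration; not Arrow's `Buffer`).
#[derive(Debug, Clone)]
pub struct Buffer {
    data: Arc<[u8]>,
}

/// Marker trait for element types that may be viewed over raw buffer bytes.
///
/// # Safety
/// An implementer asserts that *every* bit pattern of `size_of::<Self>()`
/// bytes is a valid value of `Self`. Because the trait is `unsafe`, downstream
/// code can no longer implement it for an arbitrary struct in safe code, which
/// closes the hole described in point 2 of the report.
pub unsafe trait ArrowNativeType: Copy {}

unsafe impl ArrowNativeType for u8 {}
unsafe impl ArrowNativeType for i8 {}
unsafe impl ArrowNativeType for u32 {}
unsafe impl ArrowNativeType for i64 {}
unsafe impl ArrowNativeType for f64 {}
// Deliberately no impl for `bool`: only 0x00 and 0x01 are valid `bool` bytes.

#[derive(Debug, PartialEq, Eq)]
pub enum BufferError {
    Misaligned,
    LengthNotMultiple,
    InvalidBool { index: usize, byte: u8 },
}

impl Buffer {
    pub fn from_vec(v: Vec<u8>) -> Self {
        Buffer { data: Arc::from(v) }
    }

    /// Build a buffer by copying `len` bytes starting at `ptr`.
    ///
    /// # Safety
    /// `ptr` must be non-null and point to `len` contiguous, initialized bytes
    /// that remain valid for the duration of this call. Marking the constructor
    /// `unsafe` puts that obligation on the caller instead of letting a safe
    /// call turn an arbitrary `(ptr, len)` pair into a readable slice (point 1).
    pub unsafe fn from_raw_parts(ptr: *const u8, len: usize) -> Self {
        let bytes = std::slice::from_raw_parts(ptr, len);
        Buffer::from_vec(bytes.to_vec())
    }

    pub fn data(&self) -> &[u8] {
        &self.data
    }

    /// View the bytes as `&[T]`. Safe to call: the `unsafe impl` of the trait
    /// guarantees every bit pattern is a valid `T`, and alignment and length
    /// are checked here rather than assumed.
    pub fn typed_data<T: ArrowNativeType>(&self) -> Result<&[T], BufferError> {
        let bytes = self.data();
        // SAFETY: `T: ArrowNativeType` promises any byte pattern is a valid `T`,
        // which is the only precondition `align_to` has.
        let (prefix, middle, suffix) = unsafe { bytes.align_to::<T>() };
        if !prefix.is_empty() {
            return Err(BufferError::Misaligned);
        }
        if !suffix.is_empty() {
            return Err(BufferError::LengthNotMultiple);
        }
        Ok(middle)
    }

    /// Checked `bool` view (point 3): scan for any byte other than 0 or 1 and
    /// refuse to reinterpret if one is found, so an invalid `bool` is never
    /// produced.
    pub fn typed_data_bool(&self) -> Result<&[bool], BufferError> {
        let bytes = self.data();
        if let Some(index) = bytes.iter().position(|&b| b > 1) {
            return Err(BufferError::InvalidBool { index, byte: bytes[index] });
        }
        // SAFETY: every byte was just verified to be 0 or 1, the only valid
        // representations of `bool`; `bool` has size and alignment 1.
        Ok(unsafe { std::slice::from_raw_parts(bytes.as_ptr() as *const bool, bytes.len()) })
    }
}

fn main() {
    let good = Buffer::from_vec(vec![1, 0, 1]);
    println!("{:?}", good.typed_data_bool());
    let bad = Buffer::from_vec(vec![0, 1, 2]);
    println!("{:?}", bad.typed_data_bool()); // Err(InvalidBool { index: 2, byte: 2 })
}
```

The validation pass in `typed_data_bool` costs a linear scan, but it replaces an unsound safe API with a sound one; a caller that really wants to skip the scan should be handed an explicitly `unsafe` variant instead, so the unchecked path is visible at every call site.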
