yilin0518 opened a new issue, #9287:
URL: https://github.com/apache/arrow-rs/issues/9287
Hi!
We are a team of researchers studying the memory safety problem in Rust. As
part of our ongoing research, we performed random testing on
arrow-buffer (version: 57.2.0) and found that the following code snippet is
reported as undefined behavior by Miri:
**Describe the bug**
```rust
#![feature(allocator_api)]
use arrow_buffer::*;
fn main() {
    let v6 = [112, -26, -47];
    let v7 = Vec::from(v6); // Vec<i32>: the allocation is only guaranteed 4-byte alignment
    let mut v8 = <buffer::MutableBuffer as std::convert::From<std::vec::Vec::<i32, std::alloc::Global>>>::from(v7);
    let v24 = builder::BufferBuilder::<i128>::new_from_buffer(v8);
    let v25: &'_ builder::BufferBuilder::<i128> = &v24;
    let v26 = builder::BufferBuilder::<i128>::as_slice(v25); // builds a &[i128] from the buffer pointer (16-byte alignment required)
}
```
The error message Miri reports is as follows:
```text
error: Undefined Behavior: constructing invalid value: encountered an unaligned reference (required 16 byte alignment but found 8)
   --> /home/chenyl/projects/check_UB/arrow-buffer-57.2.0/src/builder/mod.rs:274:18
    |
274 |         unsafe { std::slice::from_raw_parts(self.buffer.as_ptr() as _, self.len) }
    |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
    = note: inside `arrow_buffer::BufferBuilder::<i128>::as_slice` at /home/chenyl/projects/check_UB/arrow-buffer-57.2.0/src/builder/mod.rs:274:18: 274:81
note: inside `main`
   --> src/main.rs:9:15
    |
9   |     let v26 = builder::BufferBuilder::<i128>::as_slice(v25);
    |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to 1 previous error; 2 warnings emitted
```
It seems that `as_slice` doesn't check the alignment of the given buffer, thus
causing the undefined behaviour.
**To Reproduce**
1. Copy the code snippet.
2. Choose the Rust toolchain: `nightly-2025-12-06-x86_64-unknown-linux-gnu`.
3. Install Miri and run `cargo miri run`.
**Expected behavior**
There should not be any undefined behaviour.
**Additional context**
The OS I use is Linux Ubuntu.
We’d appreciate it if you could take a look and confirm whether this
behavior indicates a real issue, or if it’s a false positive or an expected
limitation of Miri.
Thank you very much!
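
Added example (not part of the issue and not arrow-buffer's code): one way to guard a byte-to-`i128` reinterpretation of the kind Miri flags above, checking pointer alignment and length before calling `std::slice::from_raw_parts`. `bytes_as_i128`, `CastError` and the `Aligned` sample buffer are hypothetical names constructed for this illustration.

```rust
use std::mem::{align_of, size_of};

#[derive(Debug, PartialEq)]
enum CastError {
    Misaligned { required: usize, address_mod: usize },
    TrailingBytes(usize),
}

/// View `bytes` as `&[i128]` only if the pointer and length allow it.
/// Hypothetical helper for illustration; not an arrow-buffer API.
fn bytes_as_i128(bytes: &[u8]) -> Result<&[i128], CastError> {
    let align = align_of::<i128>();
    let rem = bytes.as_ptr() as usize % align;
    if rem != 0 {
        return Err(CastError::Misaligned { required: align, address_mod: rem });
    }
    let tail = bytes.len() % size_of::<i128>();
    if tail != 0 {
        return Err(CastError::TrailingBytes(tail));
    }
    let len = bytes.len() / size_of::<i128>();
    // SAFETY: the pointer is aligned for i128, `len` whole elements fit inside
    // `bytes`, and every bit pattern is a valid i128.
    Ok(unsafe { std::slice::from_raw_parts(bytes.as_ptr().cast::<i128>(), len) })
}

/// Constructed sample input: 48 bytes whose start is 16-byte aligned.
#[repr(align(16))]
struct Aligned([u8; 48]);

fn demo() -> (usize, Result<usize, CastError>, Result<usize, CastError>) {
    let backing = Aligned([0u8; 48]);
    // Aligned start, 32 bytes: two whole i128 values.
    let ok = bytes_as_i128(&backing.0[..32]).map(|s| s.len()).unwrap();
    // Offset 4 mimics data that is only i32-aligned, as in the report.
    let shifted = bytes_as_i128(&backing.0[4..36]).map(|s| s.len());
    // 20 bytes is not a whole number of i128 elements.
    let ragged = bytes_as_i128(&backing.0[..20]).map(|s| s.len());
    (ok, shifted, ragged)
}

fn main() {
    println!("{:?}", demo());
}
```
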