[ https://issues.apache.org/jira/browse/ARROW-7624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paddy Horan resolved ARROW-7624.
--------------------------------
    Fix Version/s: 1.0.0
       Resolution: Fixed

Issue resolved by pull request 6397
[https://github.com/apache/arrow/pull/6397]

> [Rust] Soundness issues via `Buffer` methods
> --------------------------------------------
>
>                 Key: ARROW-7624
>                 URL: https://issues.apache.org/jira/browse/ARROW-7624
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: Rust
>    Affects Versions: 0.15.1
>            Reporter: Jim Turner
>            Assignee: Paddy Horan
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.0.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> This is my first time creating an issue, so please let me know if I need to 
> do anything differently.
> There are a few soundness issues with the methods currently available on 
> {{Buffer}}.
>  # Using a combination of {{from_raw_parts}} and {{data}}/{{as_ref}}, e.g. 
> {{Buffer::from_raw_parts(ptr, len).data()}}, it's possible to dereference 
> arbitrary memory locations, break pointer aliasing rules, etc. To fix this, 
> {{from_raw_parts}} needs to be {{unsafe}}, and the safety requirements on {{ptr}} 
> and `len` should be specified. (For an example of a similar method in the 
> standard library, see 
> [{{std::slice::from_raw_parts}}|https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html].)
>  # By implementing the {{ArrowNativeType}} trait on a struct, it's possible 
> for a user to create invalid values of that struct using the {{typed_data}} 
> method. To fix this, the {{ArrowNativeType}} trait needs to be {{unsafe}}, or 
> users need to be prevented from implementing {{ArrowNativeType}} on arbitrary 
> types. Alternatively, the {{typed_data}} method could be made unsafe.
>  # It's possible to create invalid values of the {{bool}} type using 
> {{typed_data}}. ([Values of {{bool}} must be {{0x00}} or 
> {{0x01}}|https://doc.rust-lang.org/nomicon/what-unsafe-does.html]; arbitrary 
> {{u8}} cannot safely be reinterpreted as {{bool}}.) To fix this, 
> {{typed_data::<bool>()}} needs to iterate over all the data and check that 
> all the elements are valid, or {{typed_data}} needs to be marked {{unsafe}}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
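
The three fixes proposed in the issue, sketched as an added example (not code from the Arrow project or from pull request 6397). `ByteBuf`, `NativeType` and `checked_bools` are hypothetical stand-ins for `Buffer`, `ArrowNativeType` and a validating `typed_data::<bool>()`; the sample bytes are constructed.

```rust
// Added illustration: `ByteBuf`, `NativeType` and `checked_bools` are
// hypothetical stand-ins, not Arrow's own types or API.
use std::{mem, slice};

mod sealed { pub trait Sealed {} }
/// Sealed marker: only the types listed below can implement it, so a
/// downstream struct with invalid bit patterns cannot opt in (item 2).
pub trait NativeType: sealed::Sealed + Copy {}
macro_rules! native {
    ($($t:ty),*) => { $(impl sealed::Sealed for $t {} impl NativeType for $t {})* };
}
native!(u8, i32, u64, f64); // every bit pattern of these is a valid value

pub struct ByteBuf { ptr: *const u8, len: usize }

impl ByteBuf {
    /// # Safety
    /// `ptr` must be non-null and valid for reads of `len` bytes, and that memory
    /// must stay alive and unmodified for as long as the `ByteBuf` is used (item 1).
    pub unsafe fn from_raw_parts(ptr: *const u8, len: usize) -> Self { ByteBuf { ptr, len } }

    pub fn data(&self) -> &[u8] {
        // Sound only because the caller of the unsafe constructor upheld its contract.
        unsafe { slice::from_raw_parts(self.ptr, self.len) }
    }

    /// Typed view for sealed primitives; rejects misaligned or ragged buffers.
    pub fn typed_data<T: NativeType>(&self) -> Option<&[T]> {
        let size = mem::size_of::<T>();
        if self.ptr as usize % mem::align_of::<T>() != 0 || self.len % size != 0 {
            return None;
        }
        Some(unsafe { slice::from_raw_parts(self.ptr as *const T, self.len / size) })
    }

    /// `bool` is deliberately not a `NativeType`: check every byte first (item 3).
    pub fn checked_bools(&self) -> Option<&[bool]> {
        if !self.data().iter().all(|&b| b <= 1) {
            return None;
        }
        Some(unsafe { slice::from_raw_parts(self.ptr as *const bool, self.len) })
    }
}

fn main() {
    let bytes = [0u8, 1, 2]; // constructed sample: 2 is not a valid bool
    let buf = unsafe { ByteBuf::from_raw_parts(bytes.as_ptr(), bytes.len()) };
    println!("{:?} {:?}", buf.checked_bools(), buf.typed_data::<u8>());
}
```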
