Posted to issues@arrow.apache.org by "Paddy Horan (Jira)" <ji...@apache.org> on 2020/02/10 21:18:00 UTC

[jira] [Assigned] (ARROW-7624) [Rust] Soundness issues via `Buffer` methods

     [ https://issues.apache.org/jira/browse/ARROW-7624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paddy Horan reassigned ARROW-7624:
----------------------------------

    Assignee: Paddy Horan

> [Rust] Soundness issues via `Buffer` methods
> --------------------------------------------
>
>                 Key: ARROW-7624
>                 URL: https://issues.apache.org/jira/browse/ARROW-7624
>             Project: Apache Arrow
>          Issue Type: Bug
>          Components: Rust
>    Affects Versions: 0.15.1
>            Reporter: Jim Turner
>            Assignee: Paddy Horan
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> This is my first time creating an issue, so please let me know if I need to do anything differently.
> There are a few soundness issues with the methods currently available on {{Buffer}}.
>  # Using a combination of {{from_raw_parts}} and {{data}}/{{as_ref}}, e.g. {{Buffer::from_raw_parts(ptr, len).data()}}, it's possible to dereference arbitrary memory locations, break pointer aliasing rules, etc. To fix this, {{from_raw_parts}} needs to be {{unsafe}}, and the safety requirements on {{ptr}} and {{len}} should be specified. (For an example of a similar method in the standard library, see [{{std::slice::from_raw_parts}}|https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html].)
>  # By implementing the {{ArrowNativeType}} trait on a struct, it's possible for a user to create invalid values of that struct using the {{typed_data}} method. To fix this, the {{ArrowNativeType}} trait needs to be {{unsafe}}, or users need to be prevented from implementing {{ArrowNativeType}} on arbitrary types. Alternatively, the {{typed_data}} method could be made unsafe.
>  # It's possible to create invalid values of the {{bool}} type using {{typed_data}}. ([Values of {{bool}} must be {{0x00}} or {{0x01}}|https://doc.rust-lang.org/nomicon/what-unsafe-does.html]; arbitrary {{u8}} cannot safely be reinterpreted as {{bool}}.) To fix this, {{typed_data::<bool>()}} needs to iterate over all the data and check that all the elements are valid, or {{typed_data}} needs to be marked {{unsafe}}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
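As an added illustration (not code from the issue, its pull request, or the Arrow crate), a minimal stand-in `Buffer` showing the three fixes the report asks for: `from_raw_parts` marked `unsafe` with a documented contract, an `unsafe` `ArrowNativeType` trait so only types in which every bit pattern is valid can be reinterpreted through `typed_data`, and a separate bool accessor that checks each byte is 0x00 or 0x01. All type and method names here are hypothetical.

```rust
use std::mem::{align_of, size_of};

/// Hypothetical stand-in for Arrow's `Buffer`: a borrowed byte view with sound accessors.
pub struct Buffer<'a> { data: &'a [u8] }

/// Marker for plain-old-data types in which EVERY bit pattern is a valid value.
/// Unsafe trait: an implementor asserts that property, so arbitrary user types
/// cannot opt in safely. Deliberately not implemented for `bool`.
pub unsafe trait ArrowNativeType: Copy {}
unsafe impl ArrowNativeType for u8 {}
unsafe impl ArrowNativeType for i32 {}
unsafe impl ArrowNativeType for u32 {}
unsafe impl ArrowNativeType for f64 {}

#[derive(Debug, PartialEq)]
pub enum BufferError { Misaligned, LengthNotMultiple, InvalidBool { index: usize, byte: u8 } }

impl<'a> Buffer<'a> {
    pub fn new(data: &'a [u8]) -> Self { Buffer { data } }

    /// # Safety
    /// Same contract as `std::slice::from_raw_parts`: `ptr` must be non-null and point to
    /// `len` initialised, readable bytes that stay alive and unmutated for `'a`.
    pub unsafe fn from_raw_parts(ptr: *const u8, len: usize) -> Self {
        Buffer { data: std::slice::from_raw_parts(ptr, len) }
    }

    pub fn data(&self) -> &[u8] { self.data }

    /// Reinterpret the bytes as `&[T]`. Sound because `T: ArrowNativeType` rules out
    /// types with invalid bit patterns, and alignment and length are checked here.
    pub fn typed_data<T: ArrowNativeType>(&self) -> Result<&[T], BufferError> {
        debug_assert!(size_of::<T>() > 0, "zero-sized types are not buffer elements");
        if self.data.as_ptr() as usize % align_of::<T>() != 0 { return Err(BufferError::Misaligned); }
        if self.data.len() % size_of::<T>() != 0 { return Err(BufferError::LengthNotMultiple); }
        let n = self.data.len() / size_of::<T>();
        // SAFETY: alignment and length verified above; T has no invalid bit patterns.
        Ok(unsafe { std::slice::from_raw_parts(self.data.as_ptr() as *const T, n) })
    }

    /// `bool` is not `ArrowNativeType`, so it gets a validating path: each byte must be
    /// 0x00 or 0x01, otherwise the offending byte and its index are reported.
    pub fn bool_data(&self) -> Result<Vec<bool>, BufferError> {
        self.data.iter().enumerate().map(|(index, &byte)| match byte {
            0 => Ok(false),
            1 => Ok(true),
            _ => Err(BufferError::InvalidBool { index, byte }),
        }).collect()
    }
}
```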