Posted to dev@arrow.apache.org by "Jim Turner (Jira)" <ji...@apache.org> on 2020/01/20 23:31:00 UTC

[jira] [Created] (ARROW-7624) [Rust] Soundness issues via `Buffer` methods

Jim Turner created ARROW-7624:
---------------------------------

             Summary: [Rust] Soundness issues via `Buffer` methods
                 Key: ARROW-7624
                 URL: https://issues.apache.org/jira/browse/ARROW-7624
             Project: Apache Arrow
          Issue Type: Bug
          Components: Rust
    Affects Versions: 0.15.1
            Reporter: Jim Turner


This is my first time creating an issue, so please let me know if I need to do anything differently.

There are a few soundness issues with the methods currently available on {{Buffer}}.
 # Using a combination of {{from_raw_parts}} and {{data}}/{{as_ref}}, e.g. {{Buffer::from_raw_parts(ptr, len).data()}}, it's possible to dereference arbitrary memory locations, break pointer aliasing rules, etc. To fix this, {{from_raw_parts}} needs to be {{unsafe}}, and the safety requirements on {{ptr}} and {{len}} should be specified. (For an example of a similar method in the standard library, see [{{std::slice::from_raw_parts}}|https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html].)
 # By implementing the {{ArrowNativeType}} trait on a struct, it's possible for a user to create invalid values of that struct using the {{typed_data}} method. To fix this, the {{ArrowNativeType}} trait needs to be {{unsafe}}, or users need to be prevented from implementing {{ArrowNativeType}} on arbitrary types. Alternatively, the {{typed_data}} method could be made unsafe.
 # It's possible to create invalid values of the {{bool}} type using {{typed_data}}. ([Values of {{bool}} must be {{0x00}} or {{0x01}}|https://doc.rust-lang.org/nomicon/what-unsafe-does.html]; arbitrary {{u8}} cannot safely be reinterpreted as {{bool}}.) To fix this, {{typed_data::<bool>()}} needs to iterate over all the data and check that all the elements are valid, or {{typed_data}} needs to be marked {{unsafe}}.
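Added illustration (not Arrow's code) of the three fixes proposed above on a minimal Buffer-like type: the raw-parts constructor is {{unsafe}} with its contract documented, the marker trait is an {{unsafe trait}} so downstream crates cannot implement it for arbitrary types, and {{bool}} is only exposed after every byte has been checked to be 0x00 or 0x01. The names {{PlainNative}}, {{from_vec}} and {{bool_data}} are assumptions for this sketch.

```rust
use std::mem::{align_of, size_of};

/// Marker for types where every bit pattern is a valid value.
/// `unsafe` so only the crate that vouches for the layout can add impls
/// (hypothetical stand-in for `ArrowNativeType`).
pub unsafe trait PlainNative: Copy {}
unsafe impl PlainNative for u8 {}
unsafe impl PlainNative for i32 {}
unsafe impl PlainNative for f64 {}
// Deliberately no impl for bool: only 0x00 and 0x01 are valid bools.

pub struct Buffer { data: Vec<u8> }

impl Buffer {
    pub fn from_vec(data: Vec<u8>) -> Self { Buffer { data } }

    /// Copies `len` bytes starting at `ptr` into a new buffer.
    /// # Safety
    /// `ptr` must be non-null, initialised and valid for reads of `len` bytes.
    pub unsafe fn from_raw_parts(ptr: *const u8, len: usize) -> Self {
        Buffer { data: std::slice::from_raw_parts(ptr, len).to_vec() }
    }

    pub fn data(&self) -> &[u8] { &self.data }

    /// Safe reinterpretation: size and alignment are checked, and `T` is
    /// limited to types for which any byte pattern is a valid value.
    pub fn typed_data<T: PlainNative>(&self) -> Option<&[T]> {
        let bytes = self.data.as_slice();
        let misaligned = (bytes.as_ptr() as usize) % align_of::<T>() != 0;
        if bytes.len() % size_of::<T>() != 0 || misaligned {
            return None;
        }
        // SAFETY: length and alignment checked above; `T: PlainNative`
        // guarantees every bit pattern is a valid `T`.
        let ptr = bytes.as_ptr() as *const T;
        Some(unsafe { std::slice::from_raw_parts(ptr, bytes.len() / size_of::<T>()) })
    }

    /// `bool` needs a value check, not only a layout check: every byte must be 0 or 1.
    pub fn bool_data(&self) -> Option<&[bool]> {
        if !self.data.iter().all(|&b| b <= 1) {
            return None;
        }
        // SAFETY: every byte was validated as 0x00 or 0x01, the only valid bools.
        let ptr = self.data.as_ptr() as *const bool;
        Some(unsafe { std::slice::from_raw_parts(ptr, self.data.len()) })
    }
}
```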



--
This message was sent by Atlassian Jira
(v8.3.4#803005)