Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Version: 0.15.1
Description
This is my first time creating an issue, so please let me know if I need to do anything differently.
There are a few soundness issues with the methods currently available on Buffer.
- Using a combination of `from_raw_parts` and `data`/`as_ref`, e.g. `Buffer::from_raw_parts(ptr, len).data()`, it's possible to dereference arbitrary memory locations, break pointer aliasing rules, etc. To fix this, `from_raw_parts` needs to be `unsafe`, and the safety requirements on `ptr` and `len` should be specified. (For an example of a similar method in the standard library, see `std::slice::from_raw_parts`.)
- By implementing the `ArrowNativeType` trait on a struct, it's possible for a user to create invalid values of that struct using the `typed_data` method. To fix this, the `ArrowNativeType` trait needs to be `unsafe`, or users need to be prevented from implementing `ArrowNativeType` on arbitrary types. Alternatively, the `typed_data` method could be made `unsafe`.
- It's possible to create invalid values of the `bool` type using `typed_data`. (Values of `bool` must be `0x00` or `0x01`; arbitrary `u8` cannot safely be reinterpreted as `bool`.) To fix this, `typed_data::<bool>()` needs to iterate over all the data and check that all the elements are valid, or `typed_data` needs to be marked `unsafe`.
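The following is an added, self-contained illustration of the three fixes proposed in the report; it is not Apache Arrow's code and not the reporter's. The `Buffer`, `NativeType` (standing in for `ArrowNativeType`), `typed_data`, `bool_data` and `buffer_from_i32` names and signatures are hypothetical simplifications chosen for the example: `from_raw_parts` is `unsafe` with a documented contract, the reinterpretation trait is `unsafe` to implement so that only all-bit-patterns-valid types can opt in, and `bool` is validated byte by byte instead of being reinterpreted.

```rust
// Added example (not Arrow's code): sound versions of the APIs discussed above.
// `Buffer`, `NativeType`, `typed_data`, `bool_data` and `buffer_from_i32`
// are hypothetical stand-ins, not the real arrow::buffer API.

use std::mem::{align_of, size_of};
use std::slice;

/// Owned, immutable byte buffer (simplified stand-in for Arrow's `Buffer`).
pub struct Buffer {
    /// Backing storage is `u64` so the bytes are 8-byte aligned, which is
    /// enough for every `NativeType` implemented below.
    storage: Vec<u64>,
    len: usize,
}

/// Types that may be reinterpreted from raw bytes (stand-in for ArrowNativeType).
///
/// # Safety
/// Implementors must guarantee that every bit pattern of `size_of::<Self>()`
/// bytes is a valid value of `Self` (plain old data, no padding).
/// `bool` is deliberately NOT an implementor: only 0x00 and 0x01 are valid.
pub unsafe trait NativeType: Copy {}

unsafe impl NativeType for u8 {}
unsafe impl NativeType for i32 {}
unsafe impl NativeType for u32 {}
unsafe impl NativeType for f64 {}

impl Buffer {
    /// Copy `bytes` into a fresh, aligned buffer.
    pub fn from_slice(bytes: &[u8]) -> Self {
        let words = (bytes.len() + 7) / 8;
        let mut storage = vec![0u64; words];
        // SAFETY: `storage` holds at least `bytes.len()` bytes, `u64` has no
        // padding, and source and destination do not overlap.
        unsafe {
            std::ptr::copy_nonoverlapping(
                bytes.as_ptr(),
                storage.as_mut_ptr() as *mut u8,
                bytes.len(),
            );
        }
        Buffer { storage, len: bytes.len() }
    }

    /// Build a buffer from a raw pointer and length.
    ///
    /// # Safety
    /// `ptr` must be non-null and valid for reads of `len` bytes for the
    /// duration of the call, and those bytes must be initialised. This is the
    /// same contract as `std::slice::from_raw_parts`, which is why the
    /// function itself must be `unsafe`.
    pub unsafe fn from_raw_parts(ptr: *const u8, len: usize) -> Self {
        // SAFETY: the caller upholds the contract documented above.
        let bytes = unsafe { slice::from_raw_parts(ptr, len) };
        Self::from_slice(bytes)
    }

    pub fn data(&self) -> &[u8] {
        // SAFETY: the first `len` bytes of `storage` were initialised in
        // `from_slice`, and the borrow is tied to `&self`.
        unsafe { slice::from_raw_parts(self.storage.as_ptr() as *const u8, self.len) }
    }

    /// Safe reinterpretation as `&[T]`. Sound because `NativeType` is unsafe
    /// to implement and promises that all bit patterns are valid; length and
    /// alignment are still checked at runtime.
    pub fn typed_data<T: NativeType>(&self) -> Result<&[T], String> {
        let bytes = self.data();
        if bytes.len() % size_of::<T>() != 0 {
            return Err(format!(
                "buffer length {} is not a multiple of {}",
                bytes.len(),
                size_of::<T>()
            ));
        }
        if (bytes.as_ptr() as usize) % align_of::<T>() != 0 {
            return Err("buffer is not aligned for T".to_string());
        }
        let n = bytes.len() / size_of::<T>();
        // SAFETY: length and alignment checked above; `NativeType` guarantees
        // every byte pattern is a valid `T`; the result borrows `self`.
        Ok(unsafe { slice::from_raw_parts(bytes.as_ptr() as *const T, n) })
    }

    /// `bool` is handled separately: every byte is validated instead of
    /// being reinterpreted, so a 0x02 byte is an error rather than UB.
    pub fn bool_data(&self) -> Result<Vec<bool>, String> {
        self.data()
            .iter()
            .enumerate()
            .map(|(i, &b)| match b {
                0 => Ok(false),
                1 => Ok(true),
                other => Err(format!("byte 0x{:02x} at index {} is not a valid bool", other, i)),
            })
            .collect()
    }
}

/// A correct caller of the `unsafe` constructor: the pointer and length come
/// from a live, initialised slice, so the contract is satisfied.
pub fn buffer_from_i32(values: &[i32]) -> Buffer {
    let ptr = values.as_ptr() as *const u8;
    let len = values.len() * size_of::<i32>();
    // SAFETY: `values` is a live, initialised slice of exactly `len` bytes.
    unsafe { Buffer::from_raw_parts(ptr, len) }
}
```

Because `NativeType` is an `unsafe trait`, a user who wants `typed_data::<MyStruct>()` has to write `unsafe impl NativeType for MyStruct {}` and thereby take responsibility for the all-bit-patterns-valid guarantee; `bool` never gets an impl, so the only route to booleans is the checked `bool_data`.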