fix AsByteSliceMut using raw pointers with bad provenance #780
Conversation
|
LGTM but I think you have a few more tweaks to add before merging. |
|
Do you want me to add RalfJung@8303309? |
|
Indeed that commit is the only other change I need to make all test suites pass (except for I also have some patches to make running Miri on the test suite feasible; I will submit those separately. |
RalfJung
force-pushed
the
as-byte-slice-mut
branch
from
42c840b to
d9c611f
Compare
|
These look good to me thanks! Yes, |
|
Okay, so this is ready to get merged then? |
| @@ -183,7 +183,8 @@ where <R as BlockRngCore>::Results: AsRef<[u32]> + AsMut<[u32]> | |||
| let read_u64 = |results: &[u32], index| { | |||
| if cfg!(any(target_arch = "x86", target_arch = "x86_64")) { | |||
| // requires little-endian CPU supporting unaligned reads: | |||
| unsafe { *(&results[index] as *const u32 as *const u64) } | |||
| let ptr: *const u64 = results[index..index+1].as_ptr() as *const u64; | |||
There was a problem hiding this comment.
This range still only covers 1 element, not 2 elements, as it uses .. instead of ..=.
There was a problem hiding this comment.
Yeah, I fixed that in #784
There was a problem hiding this comment.
Didn't notice that commit :)
&mut slice[0] as *mut _is a raw pointer that can only be used for the first element.slice.as_mut_ptr()is not only shorter, but also correctly returns a pointer that can be used for the entire slice.(Found by running the test suite in Miri.)