-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove unsound custom Cell #158
Conversation
…e way it was before the introduction of a custom cell. Heavily based on the patch by Wim Looman <[email protected]> https://gist.github.com/Nemo157/b495b84b5b2f3134d19ad71ba5002066
Codecov Report
@@ Coverage Diff @@
## master #158 +/- ##
==========================================
- Coverage 61.59% 61.34% -0.26%
==========================================
Files 80 79 -1
Lines 5028 5011 -17
==========================================
- Hits 3097 3074 -23
- Misses 1931 1937 +6
Continue to review full report at Codecov.
|
Thanks so much for expiditing this. Can you mention fix in the changelog. |
Done. |
Error message from failed check is:
So looks like it's just flaky and needs to be retried. |
CI is green now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thanks a lot!
Thanks for the quick review and merge! Please let me know once a version incorporating these changes is released. I'd like to open a RustSec advisory so that anyone interested in security would know to update. |
Oh wait, there's another copy if this Cell implementation in the repo. I'll open an issue about that one. |
Right now the custom cell is unsound because
Cell::get_mut()
usesRc::as_ref()
to obtain a reference to the underlying data, which does not distinguish between mutable and immutable references, and so does not guarantee uniqueness. Thus it is possible to obtain several mutable references to the same memory location by callingCell::get_mut()
repeatedly:This unsoundness can even be triggered from the public API (see PoC that fails MIRI). It may result in pretty much arbitrary memory corruption, most likely a use-after-free.
This PR removes the unsound custom cell and replaces it with
Rc<RefCell<T>
. This reverts the code to the way it was before the introduction of the custom cell in 20b03a4I expect performance to take a slight hit, but the difference not to be noticeable outside of microbenchmarks.
cargo bench
shows no difference between this branch and master.The code is heavily based on the patch by @Nemo157 https://gist.github.com/Nemo157/b495b84b5b2f3134d19ad71ba5002066, all I did was resolve conflicts with latest master.
This PR supersedes #113 which has been stuck for 6 months and didn't fix the problem entirely, since the unsound custom cell was still in use.