Serialization is potentially unsound since Vec::set_len is called before the vector is initialized

[udoprog]

Hi.

So I'm worried about this code location, and places like it:

speedy/src/writable.rs

Line 201 in df80ac3

vec.set_len( capacity );

The safety per-requisite for calling set_len is that the elements at old_len..new_len must be initialized. We could possibly overlook this since we have full control of the vector, however calling as_mut_slice is also potentially problematic, since internally it uses from_raw_parts_mut which also requires all elements to be properly initialized. Note that miri only triggers if we observe uninitialized bytes but that doesn't mean writing to uninitialized memory like this is sound.

That leaves me with my final concern. If the writer errors for any reason the final call to set_len will not happen. I haven't investigated where this might happen in practice, but since Writable is a public trait it doesn't really matter since anyone can cause it to error.

A simple solution would be to have BufferCollector operate over pointers instead and use methods such as copy_to_nonoverlapping which does not require the destination memory to be initialized. If that is not an option the region can be initialized by using Vec::resize instead of set_len.