Skip to content

Remove padding bytes risk in dbghelp with MaybeUninit #737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 26, 2025
Merged

Remove padding bytes risk in dbghelp with MaybeUninit #737

merged 2 commits into from
Sep 26, 2025

Conversation

workingjubilee
Copy link
Member

@workingjubilee workingjubilee commented Sep 25, 2025
edited
Loading

As reported in #720, there is a risk that the current code, by using &mut to a struct with padding fields, interacts in ways that cause padding bytes to be written to bytes that Rust originally thought were real and initialized. If this assumption persists forward in time far enough, this could possibly cause an issue due to compiler optimizations.

This seems unlikely, but we can fix this by using MaybeUninit and then addressing the data using raw pointers only. That way, we do not have to depend on all the data being in initialized states even after calling SymFromAddrW. Except for the specific fields we read, of course.

Fixes #720

@workingjubilee workingjubilee force-pushed the address-dbghelp-soundness-risks branch 3 times, most recently from cd50846 to f9ae50a Compare September 25, 2025 23:28
@workingjubilee
Remove padding bytes risk in dbghelp with MaybeUninit
05ad047 
As reported in rust-lang#720, there is a risk that the
current code, by using &mut to a struct with padding fields,
interacts in ways that cause padding bytes to be written to bytes
that Rust originally thought were real and initialized.
If this assumption persists forward in time far enough,
this could possibly cause an issue due to compiler optimizations.

This seems unlikely, but we can fix this by using MaybeUninit and then
addressing the data using raw pointers only. That way, we do not have
to depend on all the data being in initialized states even after calling
SymFromAddrW. Except for the specific fields we read, of course.
@workingjubilee workingjubilee force-pushed the address-dbghelp-soundness-risks branch from f9ae50a to 05ad047 Compare September 25, 2025 23:30
@workingjubilee workingjubilee mentioned this pull request Sep 25, 2025
Closed
ChrisDenton
ChrisDenton approved these changes Sep 26, 2025
View reviewed changes
Copy link
Member

@ChrisDenton ChrisDenton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. I made a few comments but nothing that's particularly essential to resolve so I'd be happy for this to be merged as-is.

@workingjubilee workingjubilee mentioned this pull request Sep 26, 2025
Open
@workingjubilee workingjubilee force-pushed the address-dbghelp-soundness-risks branch from 605761d to 06dca9a Compare September 26, 2025 01:35
@ChrisDenton ChrisDenton merged commit a405950 into rust-lang:master Sep 26, 2025
40 checks passed
@workingjubilee workingjubilee deleted the address-dbghelp-soundness-risks branch September 26, 2025 01:38
This was referenced Sep 26, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChrisDenton ChrisDenton ChrisDenton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Soundess bug: &mut reference exposes uninitialized bytes
2 participants
@workingjubilee @ChrisDenton