Rollup merge of rust-lang#61230 - matklad:ub-comment, r=RalfJung

Centril · web-flow · commit 460e626a9cf5 · 2019-05-28T11:48:58.000+02:00
avoid creating Boxes of uninitalized values in RawVec `RawVec<bool>::into_box` is definitely instant UB, if not all values are initialized. See https://gankro.github.io/blah/initialize-me-maybe/
diff --git a/src/liballoc/boxed.rs b/src/liballoc/boxed.rs
@@ -395,11 +395,10 @@ impl<T: Clone> Clone for Box<T> {
 #[stable(feature = "box_slice_clone", since = "1.3.0")]
 impl Clone for Box<str> {
     fn clone(&self) -> Self {
-        let len = self.len();
-        let buf = RawVec::with_capacity(len);
+        // this makes a copy of the data
+        let buf: Box<[u8]> = self.as_bytes().into();
         unsafe {
-            ptr::copy_nonoverlapping(self.as_ptr(), buf.ptr(), len);
-            from_boxed_utf8_unchecked(buf.into_box())
+            from_boxed_utf8_unchecked(buf)
         }
     }
 }
@@ -546,9 +545,12 @@ impl<T: Copy> From<&[T]> for Box<[T]> {
     /// println!("{:?}", boxed_slice);
     /// ```
     fn from(slice: &[T]) -> Box<[T]> {
-        let mut boxed = unsafe { RawVec::with_capacity(slice.len()).into_box() };
-        boxed.copy_from_slice(slice);
-        boxed
+        let len = slice.len();
+        let buf = RawVec::with_capacity(len);
+        unsafe {
+            ptr::copy_nonoverlapping(slice.as_ptr(), buf.ptr(), len);
+            buf.into_box()
+        }
     }
 }
 
diff --git a/src/liballoc/raw_vec.rs b/src/liballoc/raw_vec.rs
@@ -685,12 +685,14 @@ impl<T, A: Alloc> RawVec<T, A> {
 impl<T> RawVec<T, Global> {
     /// Converts the entire buffer into `Box<[T]>`.
     ///
-    /// While it is not *strictly* Undefined Behavior to call
-    /// this procedure while some of the RawVec is uninitialized,
-    /// it certainly makes it trivial to trigger it.
-    ///
     /// Note that this will correctly reconstitute any `cap` changes
     /// that may have been performed. (see description of type for details)
+    ///
+    /// # Undefined Behavior
+    ///
+    /// All elements of `RawVec<T, Global>` must be initialized. Notice that
+    /// the rules around uninitialized boxed values are not finalized yet,
+    /// but until they are, it is advisable to avoid them.
     pub unsafe fn into_box(self) -> Box<[T]> {
         // NOTE: not calling `cap()` here, actually using the real `cap` field!
         let slice = slice::from_raw_parts_mut(self.ptr(), self.cap);

Original file line number	Diff line number	Diff line change
`@@ -395,11 +395,10 @@ impl<T: Clone> Clone for Box<T> {`
`395`	`395`	`#[stable(feature = "box_slice_clone", since = "1.3.0")]`
`396`	`396`	`impl Clone for Box<str> {`
`397`	`397`	`fn clone(&self) -> Self {`
`398`		`- let len = self.len();`
`399`		`- let buf = RawVec::with_capacity(len);`
	`398`	`+ // this makes a copy of the data`
	`399`	`+ let buf: Box<[u8]> = self.as_bytes().into();`
`400`	`400`	`unsafe {`
`401`		`- ptr::copy_nonoverlapping(self.as_ptr(), buf.ptr(), len);`
`402`		`- from_boxed_utf8_unchecked(buf.into_box())`
	`401`	`+ from_boxed_utf8_unchecked(buf)`
`403`	`402`	`}`
`404`	`403`	`}`
`405`	`404`	`}`
`@@ -546,9 +545,12 @@ impl<T: Copy> From<&[T]> for Box<[T]> {`
`546`	`545`	`/// println!("{:?}", boxed_slice);`
`547`	`546`	/// ```
`548`	`547`	`fn from(slice: &[T]) -> Box<[T]> {`
`549`		`- let mut boxed = unsafe { RawVec::with_capacity(slice.len()).into_box() };`
`550`		`- boxed.copy_from_slice(slice);`
`551`		`- boxed`
	`548`	`+ let len = slice.len();`
	`549`	`+ let buf = RawVec::with_capacity(len);`
	`550`	`+ unsafe {`
	`551`	`+ ptr::copy_nonoverlapping(slice.as_ptr(), buf.ptr(), len);`
	`552`	`+ buf.into_box()`
	`553`	`+ }`
`552`	`554`	`}`
`553`	`555`	`}`
`554`	`556`