
Potential unsoundnesses (not yet determined) with use of unsafe #2

Closed
Alexhuszagh opened this issue Oct 30, 2024 · 1 comment · Fixed by #7 or #8
@Alexhuszagh
Owner

From the upstream fast-float-rust:
aldanor#37

@Alexhuszagh Alexhuszagh self-assigned this Oct 30, 2024
@Alexhuszagh Alexhuszagh added the A-sec Related to unsoundness/security issues. label Oct 30, 2024
@Alexhuszagh
Owner Author

There are a few core locations where this is unsafe with debug-only invariant checks. The most obvious location is:

debug_assert!(!s.is_empty());

Where we've checked that s is not empty in the caller, but this does not have local safety invariants and therefore is not a safe function.
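An added illustration of the pattern the comment describes (debug-only guard on an unsafe access inside a safe function) beside two sound alternatives; this is example code written for this page, not code from fast-float-rust or this fork, and the function names are hypothetical.

```rust
// Example code added here, not from the project. Names are hypothetical.

/// Unsound shape: a *safe* fn whose only guard on the unchecked access is a
/// debug-only check. In release builds `debug_assert!` compiles to nothing,
/// so any safe caller passing an empty slice reaches undefined behaviour.
/// Kept only to show the bug's shape; it is never called with empty input.
pub fn first_digit_unsound(s: &[u8]) -> u8 {
    debug_assert!(!s.is_empty());
    // "SAFETY": the caller checked `s` is non-empty. That is not a local
    // invariant of this function, so the unsafe block is not justified here.
    unsafe { *s.get_unchecked(0) }
}

/// Fix 1: move the precondition into the signature. As an `unsafe fn` with
/// a documented `# Safety` contract, the obligation is visibly on the caller
/// and the compiler forces every call site into an `unsafe` block.
///
/// # Safety
/// `s` must be non-empty.
pub unsafe fn first_digit_unchecked(s: &[u8]) -> u8 {
    debug_assert!(!s.is_empty());
    // SAFETY: guaranteed by this function's own documented contract.
    unsafe { *s.get_unchecked(0) }
}

/// Fix 2: keep the fn safe and enforce the invariant locally in every build
/// profile. An empty slice yields `None` instead of undefined behaviour.
pub fn first_digit(s: &[u8]) -> Option<u8> {
    s.first().copied()
}

/// A safe caller that establishes the invariant locally, in all builds,
/// before discharging the contract of the unchecked variant.
pub fn first_digit_via_unchecked(s: &[u8]) -> Option<u8> {
    if s.is_empty() {
        return None;
    }
    // SAFETY: `s` is non-empty, checked on the line above (not debug-only).
    Some(unsafe { first_digit_unchecked(s) })
}

fn main() {
    println!("{:?} {:?}", first_digit(b"123"), first_digit(b""));
    println!("{:?}", first_digit_via_unchecked(b"7"));
}
```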
