offset_of is unsound #1415

Closed
RalfJung opened this issue Apr 3, 2021 · 0 comments · Fixed by #1416

RalfJung commented Apr 3, 2021

The macro at

`macro_rules! offset_of {`

is unsound and causes UB due to using `*` on a NULL pointer. See the reference for details.

The memoffset crate provides a version of this macro that avoids UB (on older versions of rustc, this is not always possible, so it falls back to the 'least incorrect' version when needed).
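
Added example (not code from nix or from the memoffset crate): the null-dereference pattern the issue describes appears only as a comment, beside a replacement that computes the offset from `MaybeUninit` storage with `addr_of!`, which is stable since Rust 1.51. The macro name `sound_offset_of` and both structs are constructed for illustration.

```rust
// Constructed illustration of the pattern the issue describes (never executed here):
//     &(*(0 as *const $ty)).$field as *const _ as usize
// `*` on a null pointer, then `&` on the resulting place, is undefined behaviour.

/// Hypothetical replacement: no null pointer, no reference, no read of the field.
macro_rules! sound_offset_of {
    ($ty:ty, $field:ident) => {{
        // Real, correctly sized and aligned storage that is never initialized or read.
        let storage = ::std::mem::MaybeUninit::<$ty>::uninit();
        let base: *const $ty = storage.as_ptr();
        // addr_of! yields a raw pointer to the field without creating a reference.
        let field = unsafe { ::std::ptr::addr_of!((*base).$field) };
        (field as usize) - (base as usize)
    }};
}

// Constructed sample type with a C layout: tag at 0, len at 4, payload at 8.
#[allow(dead_code)]
#[repr(C)]
struct Header { tag: u8, len: u32, payload: [u8; 6] }

// Packed layout: `&value.len` would be a misaligned reference, addr_of! is still fine.
#[allow(dead_code)]
#[repr(C, packed)]
struct PackedHeader { tag: u8, len: u32 }

fn header_offsets() -> (usize, usize, usize) {
    (
        sound_offset_of!(Header, tag),
        sound_offset_of!(Header, len),
        sound_offset_of!(Header, payload),
    )
}

fn packed_len_offset() -> usize {
    sound_offset_of!(PackedHeader, len)
}

fn main() {
    println!("Header offsets: {:?}", header_offsets());
    println!("PackedHeader.len offset: {}", packed_len_offset());
}
```

Running a test suite that exercises such a macro under Miri is a practical way to confirm that no undefined behaviour remains.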

bors bot added a commit that referenced this issue Apr 4, 2021
1416: Use memoffset::offset_of instead of homegrown macro r=asomers a=asomers

The homegrown macro was fine in 2016, but at some point it technically
became UB.  The memoffset crate does the same thing, but avoids UB when
using rustc 1.51.0 or later.

Fixes #1415

Co-authored-by: Alan Somers <[email protected]>
@bors bors bot closed this as completed in 987c8a6 Apr 4, 2021
anth1y pushed a commit to anth1y/nix that referenced this issue Apr 11, 2021
The homegrown macro was fine in 2016, but at some point it technically
became UB.  The memoffset crate does the same thing, but avoids UB when
using rustc 1.51.0 or later.

Fixes nix-rust#1415
anth1y added a commit to anth1y/nix that referenced this issue Apr 11, 2021
unistd: Increase maximum passwd/group buffer to 1MB

We have one UNIX group that contains most of our users whose size is
about 20 kB, so `Group::from_name` is failing with ERANGE.

The discussion on PR nix-rust#864 suggests that 1 MB is a reasonable maximum -
it follows what FreeBSD's libc does. (glibc appears to have no maximum
on the _r function and will just double the buffer until malloc fails,
but that's not particularly Rusty.)

Use memoffset::offset_of instead of homegrown macro

The homegrown macro was fine in 2016, but at some point it technically
became UB.  The memoffset crate does the same thing, but avoids UB when
using rustc 1.51.0 or later.

Fixes nix-rust#1415

Check all tests in CI

Travis didn't compile check tests on platforms that couldn't run tests
in CI, so they bitrotted.  Let's see how bad they are.

Most annoyingly, 32-bit Android defines mode_t as 16 bits, but
stat.st_mode as 32-bits.

Fix spurious errors using `sendmmsg` with multiple cmsgs

Before this fix, the buffer that holds cmsgs may move due to the resize()
call. That causes msg_hdr pointing to invalid memory, which ends up
breaking the sendmmsg() call, resulting in EINVAL.

This change fixes it by avoiding re-allocating the buffers.

Support TIMESTAMPNS for linux
anth1y added a commit to anth1y/nix that referenced this issue Apr 17, 2021
unistd: Increase maximum passwd/group buffer to 1MB

We have one UNIX group that contains most of our users whose size is
about 20 kB, so `Group::from_name` is failing with ERANGE.

The discussion on PR nix-rust#864 suggests that 1 MB is a reasonable maximum -
it follows what FreeBSD's libc does. (glibc appears to have no maximum
on the _r function and will just double the buffer until malloc fails,
but that's not particularly Rusty.)

Use memoffset::offset_of instead of homegrown macro

The homegrown macro was fine in 2016, but at some point it technically
became UB.  The memoffset crate does the same thing, but avoids UB when
using rustc 1.51.0 or later.

Fixes nix-rust#1415

Check all tests in CI

Travis didn't compile check tests on platforms that couldn't run tests
in CI, so they bitrotted.  Let's see how bad they are.

Most annoyingly, 32-bit Android defines mode_t as 16 bits, but
stat.st_mode as 32-bits.

Fix spurious errors using `sendmmsg` with multiple cmsgs

Before this fix, the buffer that holds cmsgs may move due to the resize()
call. That causes msg_hdr pointing to invalid memory, which ends up
breaking the sendmmsg() call, resulting in EINVAL.

This change fixes it by avoiding re-allocating the buffers.

Support TIMESTAMPNS for linux

fix bug missing octothorpe
asomers added a commit that referenced this issue Aug 14, 2021
The homegrown macro was fine in 2016, but at some point it technically
became UB.  The memoffset crate does the same thing, but avoids UB when
using rustc 1.51.0 or later.

Fixes #1415