parse_str can violate memory safety: it can go beyond the input slice while looking for 0. The initial offset also can point outside of the slice. My understanding is that in Rust such functions should either be marked with unsafe or use assert to enforce memory safety.
Oops, I've missed the fact that input is not a slice, but just a reference to a single byte, so it is impossible to make an assertion here. Maybe input should be changed to a slice, so that parse_str could be implemented without an unsafe block:
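```rust
// Taking a slice lets the bounds be checked without `unsafe`.
fn parse_str(input: &[u8], offset: usize) -> &str {
    // Panics if `offset` is past the end of the slice.
    let input: &[u8] = &input[offset..];
    // Panics if there is no terminating 0 byte in the rest of the slice.
    let end = input.iter().position(|byte| *byte == 0).unwrap();
    // Panics if the bytes before the terminator are not valid UTF-8.
    std::str::from_utf8(&input[..end]).unwrap()
}
```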
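A non-panicking variant of the slice-based `parse_str` suggested above, as an added example that is not code from the issue or the project: `try_parse_str`, `ParseStrError` and the sample table are hypothetical. It reports an out-of-range offset, a missing terminator and invalid UTF-8 as errors instead of calling `unwrap`.

```rust
use std::str::Utf8Error;

/// Hypothetical error type for this example; not part of the project.
#[derive(Debug, PartialEq)]
pub enum ParseStrError {
    /// `offset` points past the end of the input slice.
    OffsetOutOfBounds { offset: usize, len: usize },
    /// No 0 byte was found between `offset` and the end of the slice.
    MissingTerminator,
    /// The bytes before the terminator are not valid UTF-8.
    InvalidUtf8(Utf8Error),
}

/// Hypothetical non-panicking counterpart of the slice-based `parse_str`.
pub fn try_parse_str(input: &[u8], offset: usize) -> Result<&str, ParseStrError> {
    // `get` returns None instead of panicking when offset > input.len().
    let tail = input.get(offset..).ok_or(ParseStrError::OffsetOutOfBounds {
        offset,
        len: input.len(),
    })?;
    // The search is bounded by the slice length, so it cannot leave the buffer.
    let end = tail
        .iter()
        .position(|&byte| byte == 0)
        .ok_or(ParseStrError::MissingTerminator)?;
    std::str::from_utf8(&tail[..end]).map_err(ParseStrError::InvalidUtf8)
}

fn main() {
    // Constructed sample: two terminated names followed by an unterminated tail.
    let table: &[u8] = b".text\0.data\0.bss";
    for offset in [0usize, 6, 12, 16, 17] {
        println!("{offset:>2}: {:?}", try_parse_str(table, offset));
    }
}
```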