From c03759e9b3e3d2bfbc2e1dd252fc8c9e3a0b7f0e Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Thu, 23 May 2024 07:34:33 +0200 Subject: [PATCH 1/2] elaborate on slice wide pointer metadata --- src/behavior-considered-undefined.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index 756b86db0..15eb9d18e 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -72,11 +72,14 @@ Please read the [Rustonomicon] before writing unsafe code. * An integer (`i*`/`u*`), floating point value (`f*`), or raw pointer obtained from [uninitialized memory][undef], or uninitialized memory in a `str`. * A reference or `Box` that is [dangling], misaligned, or points to an invalid value. - * Invalid metadata in a wide reference, `Box`, or raw pointer: + * Invalid metadata in a wide reference, `Box`, or raw pointer. The requirement + for the metadata is determined by the type of the unsized tail: * `dyn Trait` metadata is invalid if it is not a pointer to a vtable for `Trait` that matches the actual dynamic trait the pointer or reference points to. * Slice metadata is invalid if the length is not a valid `usize` (i.e., it must not be read from uninitialized memory). + Furthermore, for wide references and `Box`, slice metadata is invalid + if it makes the total size of the pointed-to value bigger than `isize::MAX`. * Invalid values for a type with a custom definition of invalid values. In the standard library, this affects [`NonNull`] and [`NonZero*`]. From 4f5888ff54336004f54fe8d37ab264fb8da4726a Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Thu, 23 May 2024 07:34:47 +0200 Subject: [PATCH 2/2] typo fix and clarifications --- src/behavior-considered-undefined.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index 15eb9d18e..96844f79c 100644 
--- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -71,12 +71,13 @@ Please read the [Rustonomicon] before writing unsafe code. * A `!` (all values are invalid for this type). * An integer (`i*`/`u*`), floating point value (`f*`), or raw pointer obtained from [uninitialized memory][undef], or uninitialized memory in a `str`. - * A reference or `Box` that is [dangling], misaligned, or points to an invalid value. + * A reference or `Box` that is [dangling], misaligned, or points to an invalid value + (in case of dynamically sized types, using the actual dynamic type of the + pointee as determined by the metadata). * Invalid metadata in a wide reference, `Box`, or raw pointer. The requirement for the metadata is determined by the type of the unsized tail: - * `dyn Trait` metadata is invalid if it is not a pointer to a vtable for - `Trait` that matches the actual dynamic trait the pointer or reference points to. - * Slice metadata is invalid if the length is not a valid `usize` + * `dyn Trait` metadata is invalid if it is not a pointer to a vtable for `Trait`. + * Slice (`[T]`) metadata is invalid if the length is not a valid `usize` (i.e., it must not be read from uninitialized memory). Furthermore, for wide references and `Box`, slice metadata is invalid if it makes the total size of the pointed-to value bigger than `isize::MAX`.
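Review bot: In the first patch's hunk, the sentence "Furthermore, for wide references and `Box`, slice metadata is invalid if it makes the total size of the pointed-to value bigger than `isize::MAX`" leaves the raw-pointer case implicit; since the surrounding bullet covers "a wide reference, `Box`, or raw pointer", a reader may wonder whether a raw slice pointer whose length pushes the size past `isize::MAX` carries valid metadata. Consider stating that explicitly (e.g. "raw pointers are exempt from this size limit"), and, because "total size of the pointed-to value" also covers a struct with a slice tail, a short note that the sized prefix counts toward that total would remove any doubt about what is being bounded.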
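Review bot: In the second patch's hunk, dropping "that matches the actual dynamic trait the pointer or reference points to" from the `dyn Trait` bullet moves the vtable-must-match-the-pointee requirement into the new parenthetical on the reference/`Box` bullet ("using the actual dynamic type of the pointee as determined by the metadata"), which is a cleaner split, but the two bullets no longer point at each other. A short cross-reference in the `dyn Trait` bullet (e.g. "a vtable for a different type than the pointee makes the reference or `Box` point to an invalid value, see above") would make clear that a mismatched vtable is still undefined behavior for references and `Box`, while for raw pointers only the vtable-for-`Trait` condition now applies.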