Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: transmute<&mut T, &mut MaybeUninit<T>> is unsound when exposed to safe code #134583

Merged
merged 1 commit into from
Dec 23, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
docs: transmute<&mut T, &mut MaybeUninit<T>> is unsound when expose…
…d to safe code

In the playground the example program terminates with an unpredictable exit
code. The undefined behavior is also detected by miri:

    error: Undefined Behavior: using uninitialized data
  • Loading branch information
Enselic committed Dec 22, 2024
commit 2305012e6a819805fdcf9207d865fa4dbda58f81
20 changes: 20 additions & 0 deletions library/core/src/mem/maybe_uninit.rs
Original file line number Diff line number Diff line change
Expand Up @@ -232,6 +232,26 @@ use crate::{fmt, intrinsics, ptr, slice};
/// remain `#[repr(transparent)]`. That said, `MaybeUninit<T>` will *always* guarantee that it has
/// the same size, alignment, and ABI as `T`; it's just that the way `MaybeUninit` implements that
/// guarantee may evolve.
///
/// Note that even though `T` and `MaybeUninit<T>` are ABI compatible it is still unsound to
/// transmute `&mut T` to `&mut MaybeUninit<T>` and expose that to safe code because it would allow
/// safe code to access uninitialized memory:
///
/// ```rust,no_run
/// use core::mem::MaybeUninit;
///
/// fn unsound_transmute<T>(val: &mut T) -> &mut MaybeUninit<T> {
/// unsafe { core::mem::transmute(val) }
/// }
///
/// fn main() {
/// let mut code = 0;
/// let code = &mut code;
/// let code2 = unsound_transmute(code);
/// *code2 = MaybeUninit::uninit();
/// std::process::exit(*code); // UB! Accessing uninitialized memory.
/// }
/// ```
#[stable(feature = "maybe_uninit", since = "1.36.0")]
// Lang item so we can wrap other types in it. This is useful for coroutines.
#[lang = "maybe_uninit"]
Expand Down
Loading