gwihlidal / meshopt-rs

Rust ffi and idiomatic wrapper for zeux/meshoptimizer, a mesh optimization library that makes indexed meshes more GPU-friendly.

Incorrect buffer size

crzysdrs opened this issue · comments

This code is incorrectly giving back a slice to invalid memory. It allocates 12 u8s (12 bytes) and creates a slice from it of 12 f32s (48 bytes).

meshopt-rs/src/utilities.rs

Lines 181 to 186 in 16a3046

    let mut scratch = [0u8; 12];
    self.reader.read_exact(&mut scratch)?;
    let position =
        unsafe { std::slice::from_raw_parts(scratch.as_ptr().cast::<f32>(), 12) };
    self.reader.set_position(reader_pos);
    Ok(position)

https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html

The len argument is the number of elements, not the number of bytes.

Also if I'm not mistaken, it's returning a slice to the buffer that is on the stack.

Nice catch!

> it's returning a slice to the buffer that is on the stack.

Oh absolutely, this is so so UB.

    if vertex <= self.vertex_count {
        Err(Error::memory_dynamic(format!(
            "vertex index ({}) must be less than total vertex count ({})",
            vertex, self.vertex_count
        )))
    }

and this if is reversed! I wonder if anyone actually uses this method

Fixed for real in 94dfd72
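A safe shape for the three problems raised in this thread (element count vs. byte count, a slice borrowed from a stack buffer, and the reversed bounds check), as an added example that is not the code from commit 94dfd72 or from meshopt-rs. `VertexBytes`, its fields, the use of `io::Error`, and the native byte order are assumptions made for illustration.

```rust
use std::io::{self, Cursor, Read};

// Hypothetical stand-in for the reader in the issue: vertices of `stride`
// bytes each, with three f32 coordinates at the start of every vertex.
struct VertexBytes<'a> {
    reader: Cursor<&'a [u8]>,
    vertex_count: usize,
    stride: usize,
}

impl<'a> VertexBytes<'a> {
    fn new(data: &'a [u8], stride: usize) -> Self {
        assert!(stride >= 12, "a vertex must hold three f32 values");
        Self { reader: Cursor::new(data), vertex_count: data.len() / stride, stride }
    }

    // Returns the position by value, so nothing borrows the stack buffer.
    fn xyz_f32_at(&mut self, vertex: usize) -> io::Result<[f32; 3]> {
        // Reject out-of-range indices: the error fires when vertex >= count.
        if vertex >= self.vertex_count {
            return Err(io::Error::new(
                io::ErrorKind::InvalidInput,
                format!("vertex index ({}) must be less than total vertex count ({})",
                        vertex, self.vertex_count),
            ));
        }
        let saved = self.reader.position();
        self.reader.set_position((vertex * self.stride) as u64);
        let mut scratch = [0u8; 12];
        let read = self.reader.read_exact(&mut scratch);
        self.reader.set_position(saved); // restore the cursor on success and failure
        read?;
        // Decode 12 bytes as 3 elements; native byte order is an assumption
        // matching what the original pointer cast would have read.
        let mut position = [0f32; 3];
        for (dst, src) in position.iter_mut().zip(scratch.chunks_exact(4)) {
            *dst = f32::from_ne_bytes([src[0], src[1], src[2], src[3]]);
        }
        Ok(position)
    }
}

fn main() {
    // Constructed sample: two vertices, 16-byte stride (xyz plus 4 padding bytes).
    let floats = [1.0f32, 2.0, 3.0, 0.0, 4.0, 5.0, 6.0, 0.0];
    let data: Vec<u8> = floats.iter().flat_map(|f| f.to_ne_bytes()).collect();
    let mut verts = VertexBytes::new(&data, 16);
    println!("{:?}", verts.xyz_f32_at(1));
    println!("{:?}", verts.xyz_f32_at(2).is_err());
}
```

Decoding with `from_ne_bytes` also avoids the alignment requirement that casting a `*const u8` to `*const f32` would impose on the scratch buffer.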