Does `MutSlice` handle empty boxed slices correctly?
djkoloski opened this issue
Summary
While auditing wasm-bindgen for import into Fuchsia, we tried to make sure that the call to `__wbindgen_copy_to_typed_array` in `src/convert/slices.rs` was safe even when `contents` is a box of an empty slice. That would make the pointer from it dangling, which could cause some bad behavior. We were unable to track down exactly what happens with that pointer. Can anyone offer some insight into how this intrinsic gets implemented? Is it safe to pass garbage pointers as long as the length of the slice is zero?
Additional Details
That intrinsic is defined here:
wasm-bindgen/crates/cli-support/src/intrinsic.rs
Lines 264 to 266 in 12889ef
And the JS for it is generated here:
wasm-bindgen/crates/cli-support/src/js/mod.rs
Lines 3564 to 3571 in 12889ef
So yes, it should be fine. `src` is a `Uint8Array` pointing to the raw bytes of the boxed slice in Rust (automatically created from Rust's ptr + len thanks to the `#[signature = fn(slice(U8), ref_externref()) -> Unit]` annotation), and `dst` is the original typed array that was passed to Rust. So if the boxed slice's length is 0, `src` and `dst`'s lengths will both be 0, and the `set` won't do anything.
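The zero-length case from the answer above, modelled in plain JavaScript as an added example; this is not wasm-bindgen's generated code. `memory`, `viewFromWasm`, `copyToTypedArray` and the sample pointer values are hypothetical, and building the view with `subarray` is an assumption.

```javascript
// Added example: constructed stand-in for wasm linear memory (one 64 KiB page).
const memory = new WebAssembly.Memory({ initial: 1 });

// Hypothetical helper (assumption): turn Rust's (ptr, len) into a byte view.
// subarray() clamps both bounds, so an out-of-range ptr with len 0 cannot throw.
function viewFromWasm(ptr, len) {
  return new Uint8Array(memory.buffer).subarray(ptr, ptr + len);
}

// Hypothetical model of the copy step: `dst` is the caller's typed array.
// Returns the number of bytes copied.
function copyToTypedArray(ptr, len, dst) {
  const src = viewFromWasm(ptr, len);
  new Uint8Array(dst.buffer, dst.byteOffset, dst.byteLength).set(src);
  return src.length;
}

// Case 1: a real 4-byte slice at address 16 is copied into dst.
function copyNonEmpty() {
  new Uint8Array(memory.buffer).set([1, 2, 3, 4], 16);
  const dst = new Uint8Array(4);
  copyToTypedArray(16, 4, dst);
  return Array.from(dst);
}

// Case 2: empty slice with a dangling pointer. `ptr` is never dereferenced;
// the 0xAA canary bytes around the zero-length dst must stay untouched.
function copyEmpty(ptr) {
  const backing = new Uint8Array(8).fill(0xaa);
  const dst = backing.subarray(4, 4); // zero-length view in the middle
  const copied = copyToTypedArray(ptr, 0, dst);
  return { copied, intact: backing.every((b) => b === 0xaa) };
}

// Case 3: the safety argument depends on the lengths agreeing. A source
// longer than dst makes set() throw RangeError instead of writing past dst.
function copyTooLong() {
  try {
    copyToTypedArray(16, 4, new Uint8Array(2));
    return "copied";
  } catch (e) {
    return e instanceof RangeError ? "RangeError" : "other";
  }
}

console.log(copyNonEmpty(), copyEmpty(1), copyEmpty(0xfffffff0), copyTooLong());
```

The pointer values 1 and 0xfffffff0 are constructed stand-ins for a dangling pointer inside and outside the memory's range.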
Thank you! Sounds good to me. 🙂