Vec::from_raw_parts docs do not correctly handle empty buffers · Issue #119304 · rust-lang/rust (original) (raw)

Skip to content

Navigation Menu

• • GitHub Copilot Write better code with AI
  • GitHub Advanced Security Find and fix vulnerabilities
  • Actions Automate any workflow
  • Codespaces Instant dev environments
  • Issues Plan and track work
  • Code Review Manage code changes
  • Discussions Collaborate outside of code
  • Code Search Find more, search less
• Explore
  • Learning Pathways
  • Events & Webinars
  • Ebooks & Whitepapers
  • Customer Stories
  • Partners
  • Executive Insights
• • GitHub Sponsors Fund open source developers
  • The ReadME Project GitHub community articles
• • Enterprise platform AI-powered developer platform
• Pricing

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Appearance settings

Description

Location

https://doc.rust-lang.org/std/vec/struct.Vec.html#method.from_raw_parts

Summary

The docs state the precondition "ptr must have been allocated using the global allocator, such as via the alloc::alloc function", which means that the following code is unsound since Vec::new does not allocate to produce the pointer:

fn reassemble(mut v: Vec) -> Vec { let capacity = v.capacity(); let ptr = v.as_mut_ptr(); let length = v.len(); std::mem::forget(v); unsafe {Vec::from_raw_parts(ptr, length, capacity)} }

I believe this to be highly surprising, and probably unintended.

Vec::from_raw_parts should allow ptr not to be obtained from an allocation if capacity times the size of T is zero.

If the documentation is correct InPlaceDstBufDrop is unsound: https://github.com/rust-lang/rust/blob/master/library/alloc/src/vec/in_place_drop.rs#L37

String::from_raw_parts and Vec::from_raw_parts_in have the same issue.