Skip to content

Mitigate misuse of Swift's pointer conversion feature #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
glessard merged 4 commits into from
Jun 3, 2022
Merged

Mitigate misuse of Swift's pointer conversion feature #80

glessard merged 4 commits into from
Jun 3, 2022

Conversation

@glessard
Copy link
Contributor

@glessard glessard commented Apr 8, 2022
edited
Loading

This is a continuation of the work done in swiftlang/swift#42002, addressing the exact same issues.

The family of String (and FilePath) initializers that convert from C strings (null-terminated byte buffers) can be called with Swift arrays, which are converted to UnsafePointer arguments for C interoperability. However, when the array passed in to them violates the C string precondition of containing a zero byte, this can result in a buffer overflow.

This PR overloads every such initializer with a version for [CodeUnit] and inout CodeUnit, enforcing the null-terminated precondition. An overload for String is also added. The String overload may appear strictly useless, but it behaves differently than a direct copy when the source string contains an embedded null.

Addresses rdar://91436410.

@glessard glessard requested a review from milseman April 8, 2022 12:46
milseman
milseman reviewed Apr 8, 2022
View reviewed changes
milseman
milseman approved these changes Apr 8, 2022
View reviewed changes
Copy link
Contributor

@milseman milseman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put doc comments and some cleanup, otherwise LGTM

glessard
glessard commented Apr 8, 2022
View reviewed changes
@glessard glessard force-pushed the glessard/rdar91436410 branch 2 times, most recently from 6a3f211 to d8b64ad Compare May 11, 2022 08:56
@glessard
Copy link
Contributor Author

glessard commented May 11, 2022

@swift-ci please test

@glessard glessard requested review from lorentey and milseman May 11, 2022 15:01
@glessard glessard force-pushed the glessard/rdar91436410 branch from d8b64ad to a63ef99 Compare May 16, 2022 19:25
@glessard
Copy link
Contributor Author

glessard commented May 16, 2022

@swift-ci please test

@glessard glessard force-pushed the glessard/rdar91436410 branch from a63ef99 to 94ca9f3 Compare May 27, 2022 23:13
@glessard
Copy link
Contributor Author

glessard commented May 27, 2022

@swift-ci please test

lorentey
lorentey approved these changes Jun 3, 2022
View reviewed changes
Copy link
Member

@lorentey lorentey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shame we need to add all these overloads -- can't wait to have a language-level solution.

@lorentey lorentey force-pushed the glessard/rdar91436410 branch from 94ca9f3 to 3a82bc8 Compare June 3, 2022 22:22
@glessard glessard force-pushed the glessard/rdar91436410 branch from 10257a8 to 3920df7 Compare June 3, 2022 22:43
@glessard
Copy link
Contributor Author

glessard commented Jun 3, 2022

@swift-ci please test

@glessard glessard merged commit bdb13a5 into main Jun 3, 2022
@glessard glessard deleted the glessard/rdar91436410 branch June 3, 2022 22:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lorentey lorentey lorentey approved these changes

@milseman milseman Awaiting requested review from milseman milseman is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@glessard @milseman @lorentey