Rust soundness fixes (#7518)

* Rust soundness fixes * Second pass * Make init_from_table unsafe * Remove SafeSliceAccess * Clippy * Remove create_vector_of_strings * More clippy * Remove deprecated root type accessors * More soundness fixes * Fix EndianScalar for bool * Add TriviallyTransmutable * Add debug assertions * Review comments * Review feedback
2026-06-22 18:48:52 +00:00 · 2022-09-29 14:58:49 +01:00
parent dadbff5714
commit 374f8fb5fb
102 changed files with 2673 additions and 2035 deletions
--- a/samples/rust_generated/my_game/sample/vec_3_generated.rs
+++ b/samples/rust_generated/my_game/sample/vec_3_generated.rs
@@ -29,39 +29,25 @@ impl core::fmt::Debug for Vec3 {
 }

 impl flatbuffers::SimpleToVerifyInSlice for Vec3 {}
-impl flatbuffers::SafeSliceAccess for Vec3 {}
 impl<'a> flatbuffers::Follow<'a> for Vec3 {
  type Inner = &'a Vec3;
  #[inline]
-  fn follow(buf: &'a [u8], loc: usize) -> Self::Inner {
+  unsafe fn follow(buf: &'a [u8], loc: usize) -> Self::Inner {
    <&'a Vec3>::follow(buf, loc)
  }
 }
 impl<'a> flatbuffers::Follow<'a> for &'a Vec3 {
  type Inner = &'a Vec3;
  #[inline]
-  fn follow(buf: &'a [u8], loc: usize) -> Self::Inner {
+  unsafe fn follow(buf: &'a [u8], loc: usize) -> Self::Inner {
    flatbuffers::follow_cast_ref::<Vec3>(buf, loc)
  }
 }
 impl<'b> flatbuffers::Push for Vec3 {
    type Output = Vec3;
    #[inline]
-    fn push(&self, dst: &mut [u8], _rest: &[u8]) {
-        let src = unsafe {
-            ::core::slice::from_raw_parts(self as *const Vec3 as *const u8, Self::size())
-        };
-        dst.copy_from_slice(src);
-    }
-}
-impl<'b> flatbuffers::Push for &'b Vec3 {
-    type Output = Vec3;
-
-    #[inline]
-    fn push(&self, dst: &mut [u8], _rest: &[u8]) {
-        let src = unsafe {
-            ::core::slice::from_raw_parts(*self as *const Vec3 as *const u8, Self::size())
-        };
+    unsafe fn push(&self, dst: &mut [u8], _written_len: usize) {
+        let src = ::core::slice::from_raw_parts(self as *const Vec3 as *const u8, Self::size());
        dst.copy_from_slice(src);
    }
 }
@@ -95,70 +81,88 @@ impl<'a> Vec3 {
  }

  pub fn x(&self) -> f32 {
-    let mut mem = core::mem::MaybeUninit::<f32>::uninit();
-    unsafe {
+    let mut mem = core::mem::MaybeUninit::<<f32 as EndianScalar>::Scalar>::uninit();
+    // Safety:
+    // Created from a valid Table for this object
+    // Which contains a valid value in this slot
+    EndianScalar::from_little_endian(unsafe {
      core::ptr::copy_nonoverlapping(
        self.0[0..].as_ptr(),
        mem.as_mut_ptr() as *mut u8,
-        core::mem::size_of::<f32>(),
+        core::mem::size_of::<<f32 as EndianScalar>::Scalar>(),
      );
      mem.assume_init()
-    }.from_little_endian()
+    })
  }

  pub fn set_x(&mut self, x: f32) {
    let x_le = x.to_little_endian();
+    // Safety:
+    // Created from a valid Table for this object
+    // Which contains a valid value in this slot
    unsafe {
      core::ptr::copy_nonoverlapping(
-        &x_le as *const f32 as *const u8,
+        &x_le as *const _ as *const u8,
        self.0[0..].as_mut_ptr(),
-        core::mem::size_of::<f32>(),
+        core::mem::size_of::<<f32 as EndianScalar>::Scalar>(),
      );
    }
  }

  pub fn y(&self) -> f32 {
-    let mut mem = core::mem::MaybeUninit::<f32>::uninit();
-    unsafe {
+    let mut mem = core::mem::MaybeUninit::<<f32 as EndianScalar>::Scalar>::uninit();
+    // Safety:
+    // Created from a valid Table for this object
+    // Which contains a valid value in this slot
+    EndianScalar::from_little_endian(unsafe {
      core::ptr::copy_nonoverlapping(
        self.0[4..].as_ptr(),
        mem.as_mut_ptr() as *mut u8,
-        core::mem::size_of::<f32>(),
+        core::mem::size_of::<<f32 as EndianScalar>::Scalar>(),
      );
      mem.assume_init()
-    }.from_little_endian()
+    })
  }

  pub fn set_y(&mut self, x: f32) {
    let x_le = x.to_little_endian();
+    // Safety:
+    // Created from a valid Table for this object
+    // Which contains a valid value in this slot
    unsafe {
      core::ptr::copy_nonoverlapping(
-        &x_le as *const f32 as *const u8,
+        &x_le as *const _ as *const u8,
        self.0[4..].as_mut_ptr(),
-        core::mem::size_of::<f32>(),
+        core::mem::size_of::<<f32 as EndianScalar>::Scalar>(),
      );
    }
  }

  pub fn z(&self) -> f32 {
-    let mut mem = core::mem::MaybeUninit::<f32>::uninit();
-    unsafe {
+    let mut mem = core::mem::MaybeUninit::<<f32 as EndianScalar>::Scalar>::uninit();
+    // Safety:
+    // Created from a valid Table for this object
+    // Which contains a valid value in this slot
+    EndianScalar::from_little_endian(unsafe {
      core::ptr::copy_nonoverlapping(
        self.0[8..].as_ptr(),
        mem.as_mut_ptr() as *mut u8,
-        core::mem::size_of::<f32>(),
+        core::mem::size_of::<<f32 as EndianScalar>::Scalar>(),
      );
      mem.assume_init()
-    }.from_little_endian()
+    })
  }

  pub fn set_z(&mut self, x: f32) {
    let x_le = x.to_little_endian();
+    // Safety:
+    // Created from a valid Table for this object
+    // Which contains a valid value in this slot
    unsafe {
      core::ptr::copy_nonoverlapping(
-        &x_le as *const f32 as *const u8,
+        &x_le as *const _ as *const u8,
        self.0[8..].as_mut_ptr(),
-        core::mem::size_of::<f32>(),
+        core::mem::size_of::<<f32 as EndianScalar>::Scalar>(),
      );
    }
  }