fix(rust): Zero vtable memory in write_vtable to prevent uninitialized data (#8898)

The write_vtable() function's comment claimed to "fill the WIP vtable with zeros" but make_space() only reserves memory without initializing it. When using custom allocators with non-zeroed buffers, unset vtable field entries would contain garbage instead of zero (which indicates "use default value"). This fix explicitly zeros the vtable memory after reserving space, matching the C++ implementation's buf_.fill_big() behavior. Added regression test using a garbage-filled allocator (0xAA) that verifies vtable entries for unset fields are properly zeroed. Fixes #8894
2026-06-01 19:58:15 +00:00 · 2026-02-04 09:00:44 -05:00
parent e5a9ff757f
commit 429c28c783
2 changed files with 166 additions and 0 deletions
--- a/rust/flatbuffers/src/builder.rs
+++ b/rust/flatbuffers/src/builder.rs
@@ -611,6 +611,8 @@ impl<'fbb, A: Allocator> FlatBufferBuilder<'fbb, A> {
        // Write the VTable (we may delete it afterwards, if it is a duplicate):
        let vt_start_pos = self.head;
        let vt_end_pos = self.head + vtable_byte_len;
+        // Zero out the vtable space - make_space only reserves but doesn't initialize
+        self.allocator[vt_start_pos.range_to(vt_end_pos)].fill(0);
        {
            // write the vtable header:
            let vtfw =