[stdlib] Fix unsafe String.write_bytes() #3773

Closed

martinvuyk
Contributor

Fix an unsafe assumption that the span is null terminated.

@martinvuyk martinvuyk requested a review from a team as a code owner November 15, 2024 19:05
Collaborator

@JoeLoser JoeLoser left a comment

Thanks for the fix! A few questions:

  1. Is there a unit test we can add to expose this bug?
  2. Should we add a debug_assert to ensure the argument to write_bytes is not null terminated per the doc string?

@martinvuyk
Contributor Author

martinvuyk commented Nov 15, 2024

I added a debug assert for the null termination. Still, there can be the case of data with a 0 somewhere in the middle, but I'll leave a `# TODO` until PR #3686 gets merged, which can count faster. Do you think it will be necessary to ensure no zeroes in the middle? It might slow down the whole CI since string writing is something that gets used a lot.

> Is there a unit test we can add to expose this bug?

I don't think there is one, since this was a call to a private method

@JoeLoser
Collaborator

LGTM when CI is passing

@JoeLoser
Collaborator

> I added a debug assert for the null termination. Still, there can be the case of data with a 0 somewhere in the middle, but I'll leave a `# TODO` until PR #3686 gets merged, which can count faster. Do you think it will be necessary to ensure no zeroes in the middle? It might slow down the whole CI since string writing is something that gets used a lot.
>
> > Is there a unit test we can add to expose this bug?
>
> I don't think there is one, since this was a call to a private method

I think what you have is fine wrt the debug_assert safety check - thanks for adding that! Makes sense re the unit test.

Signed-off-by: martinvuyk <[email protected]>
@martinvuyk
Contributor Author

> I don't think there is one, since this was a call to a private method

I mean theoretically we could, just need to find a way for the allocation to be just on the limit of a page and try to access that to get a segfault 😆

Signed-off-by: martinvuyk <[email protected]>
@martinvuyk
Contributor Author

martinvuyk commented Nov 15, 2024

@JoeLoser one problem, in Python unlike C you might actually have a string "\x00" which would be List[Byte](0, 0) and this debug assert would complain.

```python
>>> print(repr("\0"), bytes("\0", "utf8"))
'\x00' b'\x00'
```

luckily we had tests that caught this
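
The class of bug discussed in this thread, as an added example in C that is not part of the pull request or of the Mojo standard library: a writer that treats a length-carrying span as a null-terminated string, next to one that trusts only the span's length. `span_t`, `buf_t`, `write_bytes_unsafe`, `write_bytes_safe`, `written` and the sample data are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not Mojo stdlib types. */
typedef struct { const unsigned char *ptr; size_t len; } span_t;
typedef struct { unsigned char data[64]; size_t len; } buf_t;

/* Unsafe: ignores s.len and scans for a 0 byte, as if the span were a C string. */
static size_t write_bytes_unsafe(buf_t *out, span_t s) {
    size_t room = sizeof out->data - out->len;
    size_t n = strlen((const char *)s.ptr);   /* can stop before or after s.len */
    if (n > room) n = room;
    memcpy(out->data + out->len, s.ptr, n);
    out->len += n;
    return n;
}

/* Safe: the span's own length is the only bound; 0 bytes are ordinary data. */
static size_t write_bytes_safe(buf_t *out, span_t s) {
    size_t room = sizeof out->data - out->len;
    size_t n = s.len < room ? s.len : room;
    memcpy(out->data + out->len, s.ptr, n);
    out->len += n;
    return n;
}

/* Constructed inputs. Both arrays end in 0 so the unsafe scan stays defined here;
   a real span gives no such guarantee, which is the bug. */
static const unsigned char BACKING[] = "user=alice;token=SECRET";
static const unsigned char EMBEDDED[] = { 'a', 0, 'b', 0 };

/* Number of bytes appended to an empty buffer for the span (p, len). */
size_t written(const unsigned char *p, size_t len, int safe) {
    buf_t out = { {0}, 0 };
    span_t s = { p, len };
    return safe ? write_bytes_safe(&out, s) : write_bytes_unsafe(&out, s);
}

int main(void) {
    /* 10-byte slice "user=alice" of a longer allocation: over-read vs exact copy. */
    printf("slice:    unsafe=%zu safe=%zu\n", written(BACKING, 10, 0), written(BACKING, 10, 1));
    /* 3-byte span with a 0 in the middle: truncation vs exact copy. */
    printf("embedded: unsafe=%zu safe=%zu\n", written(EMBEDDED, 3, 0), written(EMBEDDED, 3, 1));
    /* 1-byte span holding only a 0, like the string "\0": dropped vs kept. */
    printf("nul only: unsafe=%zu safe=%zu\n", written(EMBEDDED + 1, 1, 0), written(EMBEDDED + 1, 1, 1));
    return 0;
}
```

The last case is why a check that rejects any span ending in 0 also rejects valid data: a one-byte span holding 0 is a legitimate string.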

@JoeLoser
Collaborator

!sync

@modularbot modularbot added the imported-internally Signals that a given pull request has been imported internally. label Nov 15, 2024
@modularbot
Collaborator

✅🟣 This contribution has been merged 🟣✅

Your pull request has been merged to the internal upstream Mojo sources. It will be reflected here in the Mojo repository on the nightly branch during the next Mojo nightly release, typically within the next 24-48 hours.

We use Copybara to merge external contributions, click here to learn more.

@modularbot modularbot added the merged-internally Indicates that this pull request has been merged internally label Nov 16, 2024
modularbot pushed a commit that referenced this pull request Nov 17, 2024
[External] [stdlib] Fix unsafe `String.write_bytes()`

Fix an unsafe assumption that the span is null terminated.

Co-authored-by: martinvuyk <[email protected]>
Closes #3773
MODULAR_ORIG_COMMIT_REV_ID: 4b07e6d189015a2053b6f8f3a5a0249ab00b3b1f
@modularbot
Collaborator

Landed in 194b24b! Thank you for your contribution 🎉

@modularbot modularbot added the merged-externally Merged externally in public mojo repo label Nov 17, 2024
@modularbot modularbot closed this Nov 17, 2024
msaelices pushed a commit to msaelices/mojo that referenced this pull request Nov 20, 2024
[External] [stdlib] Fix unsafe `String.write_bytes()`

Fix an unsafe assumption that the span is null terminated.

Co-authored-by: martinvuyk <[email protected]>
Closes modularml#3773
MODULAR_ORIG_COMMIT_REV_ID: 4b07e6d189015a2053b6f8f3a5a0249ab00b3b1f
msaelices pushed a commit to msaelices/mojo that referenced this pull request Nov 22, 2024
[External] [stdlib] Fix unsafe `String.write_bytes()`

Fix an unsafe assumption that the span is null terminated.

Co-authored-by: martinvuyk <[email protected]>
Closes modularml#3773
MODULAR_ORIG_COMMIT_REV_ID: 4b07e6d189015a2053b6f8f3a5a0249ab00b3b1f

Signed-off-by: Manuel Saelices <[email protected]>