Skip to content

dc_array: panic on null pointers and out of range indexes #333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 13, 2019
Merged

dc_array: panic on null pointers and out of range indexes #333

merged 1 commit into from
Aug 13, 2019

Conversation

link2xt
Copy link
Collaborator

@link2xt link2xt commented Aug 11, 2019

No description provided.

KAction
KAction reviewed Aug 11, 2019
View reviewed changes
src/dc_array.rs
(*array).get_ptr(index)
}
assert!(!array.is_null());
(*array).get_ptr(index)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here you remove index >= (*array).len() check.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

get_ptr() does this check. It is safe, actually.

@link2xt link2xt changed the title dc_array: panic on null pointers and out of range indexes WIP: dc_array: panic on null pointers and out of range indexes Aug 11, 2019
@link2xt
Copy link
Collaborator Author

link2xt commented Aug 11, 2019

WIP as I want to rebase it on top of #334

@link2xt link2xt changed the title WIP: dc_array: panic on null pointers and out of range indexes dc_array: panic on null pointers and out of range indexes Aug 13, 2019
Jikstra
Jikstra suggested changes Aug 13, 2019
View reviewed changes
src/dc_array.rs
} else {
(*array).get_uint(index)
}
assert!(!array.is_null());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Panicing on a null pointer changes the behaviour of the ffi, i think we should avoid this. If it's null, we should return a 0

https://github.com/deltachat/deltachat-core/blob/e4ce281dc2c8cb1d0765f0e2e73f7846cbba3faa/src/dc_array.c#L252

Copy link
Contributor

@Jikstra Jikstra Aug 13, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@r10s what do you think about this? Is it likely that we break android/ios at some points with this change?

<Jikstra> we have to be careful with panics in the ffi just because array is a null pointer
<Jikstra> the api allowed us to do weird stuff, panicing will break all apps based on -core-rust
<link2xt[m]> yes, but such panics can be easily debugged
<link2xt[m]> if FFI call panics, it panics immediately
<link2xt[m]> and then you know you should not pass invalid value into it
<link2xt[m]> a simple if is enough to fix it in this case, but it may happen to be an actual bug

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See #291 for previous discussion of similar changes. No input from @r10s there, but it got merged.

@link2xt link2xt merged commit 3175c4f into chatmail:master Aug 13, 2019
@link2xt
Copy link
Collaborator Author

link2xt commented Aug 13, 2019

deltachat-ffi/src/lib.rs already has the same assertions anyway

Now going to move all unsafe code to FFI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
2 more reviewers

@Jikstra Jikstra Jikstra approved these changes

@KAction KAction KAction left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@link2xt @Jikstra @KAction