Skip to content
This repository was archived by the owner on Nov 23, 2025. It is now read-only.

chore: mark ElfLoader::load as unsafe#21

Open
toku-sa-n wants to merge 2 commits into
gz:masterfrom
toku-sa-n:mark_as_unsafe
Open

chore: mark ElfLoader::load as unsafe#21
toku-sa-n wants to merge 2 commits into
gz:masterfrom
toku-sa-n:mark_as_unsafe

Conversation

@toku-sa-n

@toku-sa-n toku-sa-n commented Jun 13, 2021

Copy link
Copy Markdown
Contributor

This method assumes that the memory is allocated by ElfLoader::allocate, but the compiler can't ensure it. Without it, the program may violate memory safety by e.g., modifying memory used by others.

(Sorry, I fixed the branch name.)

toku-sa-n added 2 commits June 13, 2021 21:25
@toku-sa-n
chore: mark ElfLoader::load as unsafe
29a15ec 
This method assumes that the memory is allocated by
`ElfLoader::allocate`, but the compiler can't ensure it. Without it, the
program may violate memory safety by e.g., modifying memory used by
others.
@toku-sa-n
fix: test
61c469a
@gz

gz commented Jun 18, 2021
edited
Loading

Copy link
Copy Markdown
Owner

Hi, thanks for submitting this! Can you walk me through the reasoning or point me to the right documentation when a trait method should be marked unsafe?

I'm struggling a little. I get that allocate() for some/many implementations will allocate memory that is used later by relocate. But I think it's possible to build a safe interface for relocate in many cases too. E.g. you check that the memory is mapped and accessible before you write and otherwise return an error (or panic). A (very silly) but safe implementation for the trait would be our test (https://github.com/gz/rust-elfloader/blob/master/src/lib.rs#L529).

@toku-sa-n toku-sa-n mentioned this pull request Jun 21, 2021
Merged
@toku-sa-n

toku-sa-n commented Jun 22, 2021
edited
Loading

Copy link
Copy Markdown
Contributor Author

I get that allocate() for some/many implementations will allocate memory that is used later by relocate.

How can it be done? What information does LoadableHeaders provide for relocation?

By the way, I think ElfLoader::load can be removed. ElfLoader::load is supposed to just copy the values of region to the allocated place. ProgramHeader::flags returns the readability, writeability, and executability of the region, so flags of ElfLoader::load can be omitted.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@toku-sa-n @gz