Skip to content

transmute &[T] to &[U] may cause truncations for whole bit-pattern when size_of::<T> > size_of::<U> #10286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
KisaragiEffective opened this issue Feb 4, 2023 · 0 comments · Fixed by #11849
Closed

transmute &[T] to &[U] may cause truncations for whole bit-pattern when size_of::<T> > size_of::<U> #10286

KisaragiEffective opened this issue Feb 4, 2023 · 0 comments · Fixed by #11849
Labels
A-lint Area: New lints

Comments

@KisaragiEffective
Copy link
Contributor

What it does

Consider following example:

let a: &[u32] = &[0x12345678, 0x90ABCDEF, 0xFEDCBA09, 0x87654321];
let b: &[u8] = unsafe { std::mem::transmute(a) };

assert_eq!(b[0], 0x78);
assert_eq!(b[1], 0xEF);
assert_eq!(b[2], 0x09);
assert_eq!(b[3], 0x21);

but this is not true. This may be true (depending on architecture):

assert_eq!(b[0], 0x12);
assert_eq!(b[1], 0x34);
assert_eq!(b[2], 0x56);
assert_eq!(b[3], 0x78);

or this:

assert_eq!(b[0], 0x78);
assert_eq!(b[1], 0x56);
assert_eq!(b[2], 0x34);
assert_eq!(b[3], 0x12);

This is generic over both element type (in above example, u32 and u8).

This can be rewritten as:

// reinterpret bit-pattern of *each element*
let b: &[u8] = a.iter()
    .map(|it| unsafe { std::mem::transmute(it) })
    .collect::<Vec<_>>()
    .collect();

or

// reinterpret whole bit-pattern
let (prefix, align_result, suffix) = original_slice.align_to::<u8>();
assert_eq!(prefix.len(), 0);
assert_eq!(suffix.len(), 0);

Lint Name

transmute_to_smaller_element_may_cause_truncation

Category

suspicious

Advantage

  • Prevents truncations for whole bit-pattern.

Drawbacks

  • None

Example

let a: &[u32] = &[0x12345678, 0x90ABCDEF, 0xFEDCBA09, 0x87654321];
let b: &[u8] = unsafe { std::mem::transmute(a) };

Could be written as:

// reinterpret bit-pattern of *each element*
let b: &[u8] = a.iter()
    .map(|it| unsafe { std::mem::transmute(it) })
    .collect::<Vec<_>>()
    .collect();

or

// reinterpret whole bit-pattern
let (prefix, b, suffix) = original_slice.align_to::<u8>();
assert_eq!(prefix.len(), 0);
assert_eq!(suffix.len(), 0);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-lint Area: New lints
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add tests for issues #10285, #10286, #10289, #10287 GuillaumeGomez/rust-clippy
1 participant
@KisaragiEffective