From 7612ad77975331c91aec8ab2a269b31b22668972 Mon Sep 17 00:00:00 2001
From: Ulrik Sverdrup
Date: Tue, 14 Apr 2020 21:35:37 +0200
Subject: [PATCH] Vec drop and truncate: drop using raw slice *mut [T] By creating a *mut [T] directly (without going through &mut [T]), avoid questions of validity of the contents of the slice. Consider the following risky code: ```rust unsafe { let mut v = Vec::::with_capacity(16); v.set_len(16); } ``` The intention is that with this change, the above snippet will be sound because Vec::drop does no longer produces a mutable slice of the vector's contents.
---
 src/liballoc/vec.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs
index 7ef281ff208..21c387e59e2 100644
--- a/src/liballoc/vec.rs
+++ b/src/liballoc/vec.rs
@@ -741,7 +741,7 @@ pub fn truncate(&mut self, len: usize) {
 return;
 }
 let remaining_len = self.len - len;
- let s = slice::from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);
+ let s = ptr::slice_from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);
 self.len = len;
 ptr::drop_in_place(s);
 }
@@ -2379,7 +2379,7 @@ unsafe impl<#[may_dangle] T> Drop for Vec {
 fn drop(&mut self) {
 unsafe {
 // use drop for [T]
- ptr::drop_in_place(&mut self[..]);
+ ptr::drop_in_place(ptr::slice_from_raw_parts_mut(self.as_mut_ptr(), self.len))
 }
 // RawVec handles deallocation
 }
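Review bot: Nothing in `truncate` records why the slice is now built with `ptr::slice_from_raw_parts_mut` instead of `slice::from_raw_parts_mut`, so a later cleanup could switch back to the reference-producing form without noticing that the soundness argument depends on it; the same gap exists at the `Drop` hunk further down. A comment directly above the `let s = …` line would keep that reasoning in the code, for example `// Raw *mut [T], not &mut [T]: a reference would assert that the elements being dropped are valid.` The body of `truncate` starts outside this hunk, so an earlier comment in the function may already cover part of this and should be checked before adding a second one.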
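Review bot: The new call in `Drop::drop` has no trailing `;`, unlike the line it replaces and unlike the matching `ptr::drop_in_place(s);` in `truncate`; it only works because the call is the tail expression of the `unsafe` block, and `ptr::drop_in_place(ptr::slice_from_raw_parts_mut(self.as_mut_ptr(), self.len));` would keep the two sites uniform. The diffstat lists only `vec.rs`, so the `set_len` snippet from the commit message is not pinned by any test, and a small regression test run under a tool that checks reference validity would stop this from being undone silently. The `// use drop for [T]` comment could also state that only the intermediate `&mut [T]` is avoided: `drop_in_place` still visits all `self.len` elements, so the relaxation presumably helps only element types without drop glue.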