julia icon indicating copy to clipboard operation
julia copied to clipboard
verified publisher icon JuliaLang

Do not give `StringVector`s to users

Open jakobnissen opened this issue 1 year ago • 1 comments

A StringVector v is a Vector{UInt8} which wraps memory allocated as a string. This allows String(v) to be zero-copy which is good for performance. However, if users are handed a StringVector directly, they can use that to unknowingly mutate strings, which is illegal. For example, suppose a user calls a function f which returns a StringVector v. They can then do the following to mutate a string s:

v = fill!(Base.StringVector(3), 0x00);
v2 = reshape(v, 3, 1)
s = String(v) # all zeros
v2[1] = 0x01
s

The solution in this PR is to not ever let StringVectors escape out to the user, by instead returning normal Vector{UInt8} from the functions that would otherwise do so.

For reviewers

Potential solution to #54434 Alternative to #54424

Still needs to be rebased on top of #54372 before merging, as these two PRs overlap quite a bit

jakobnissen avatar May 13 '24 12:05 jakobnissen

This seems a bit strange since StringVectors seem to be particularly made to be used in IOBuffer:

https://github.com/JuliaLang/julia/blob/bbae41749518d7f1f7c5b5b60569ec1a7c15acb4/base/iobuffer.jl#L43-L45

KristofferC avatar May 13 '24 13:05 KristofferC