
`Register` trait is unsound

Open WaffleLapkin opened this issue 5 years ago • 1 comments

The `Register` trait allows reading and writing any pointer in safe code, which is unsound.

Example:

```rust
use ruduino::Register;

struct Unsound;

impl Register for Unsound {
    type T = u8;

    const ADDRESS: *mut Self::T = core::ptr::null_mut();

    // default implementations of `write`, `read`, `set_mask_raw`, `toggle_raw`,
    // `is_mask_set_raw` and `is_clear_raw` dereference `Self::ADDRESS`
    // (other methods also depend on them)
}

fn main() {
    println!("{}", Unsound::read());
}
```

(For me, in debug mode it produces `Process finished with exit code 139 (interrupted by signal 11: SIGSEGV)`, and in release mode it prints `0`.)

Possible solutions:

  • make Register trait unsafe
  • do not provide unsound default impls

WaffleLapkin, Jul 26 '20 11:07

Yeah, that should definitely be an unsafe trait. Maybe also sealed, as no one should be able to implement it outside of the library.

shepmaster, Jul 26 '20 13:07
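
The two fixes proposed in this thread, an `unsafe` trait and sealing, combined in an added example (not ruduino's code and not written by either participant). The `hal` module, `PortB`, `FAKE_PORTB` and `roundtrip` are hypothetical names, and the stand-in trait uses an `address()` function instead of the `ADDRESS` constant so that it runs on a host against a static rather than a memory-mapped address.

```rust
mod hal {
    use core::sync::atomic::AtomicU8;
    // Private module: code outside `hal` cannot name `Sealed`, so it cannot
    // satisfy the supertrait bound and cannot implement `Register`.
    mod sealed {
        pub trait Sealed {}
    }

    /// # Safety
    /// `address()` must return a pointer that is valid for volatile reads
    /// and writes of `Self::T` for the whole life of the program.
    pub unsafe trait Register: sealed::Sealed {
        type T: Copy;
        fn address() -> *mut Self::T;
        // Safe to call: the `unsafe impl` already vouched for the pointer.
        fn read() -> Self::T {
            unsafe { core::ptr::read_volatile(Self::address()) }
        }
        fn write(value: Self::T) {
            unsafe { core::ptr::write_volatile(Self::address(), value) }
        }
    }

    // Constructed stand-in for a memory-mapped I/O register (assumption).
    static FAKE_PORTB: AtomicU8 = AtomicU8::new(0);

    pub struct PortB;
    impl sealed::Sealed for PortB {}
    // SAFETY: a static lives for the whole program and is valid for u8 access.
    unsafe impl Register for PortB {
        type T = u8;
        fn address() -> *mut u8 { FAKE_PORTB.as_ptr() }
    }
}

use hal::{PortB, Register};

// Outside `hal`, the issue's example is rejected at compile time:
//   struct Unsound;
//   impl Register for Unsound { .. }         // error: requires an `unsafe impl`
//   unsafe impl Register for Unsound { .. }  // error: `Sealed` is not implemented
fn roundtrip(value: u8) -> u8 {
    PortB::write(value);
    PortB::read()
}

fn main() {
    println!("{:#04x}", roundtrip(0xA5));
}
```

With this shape, the obligation to supply a valid pointer sits on the one `unsafe impl` inside the library, and callers of `read` and `write` stay in safe code.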