
Safety of exec* functions

Open l4l opened this issue 4 years ago • 5 comments

I believe that all of the functions of the exec group must be marked unsafe. The reason is quite simple: these calls are equivalent to calling an extern "C" function (which is unsafe). In particular, it's quite trivial to get a segfault with only safe Rust which executes a C binary.

l4l avatar Dec 16 '20 12:12 l4l

IIRC exec stops execution of current process before loading new image, so from Rust PoV exec is indistinguishable from exit.

Could you show code that triggers UB?

MikailBag avatar Dec 17 '20 23:12 MikailBag

There's nothing special, I simply call execv* on a binary (firefox in particular) but without the necessary arguments, which leads to a segfault. Personally, it was surprising to have a segfault without a single line of unsafe code (well, actually there was one, but it took some time to figure out that it wasn't really related to the segfault).

Your statement regarding stopping execution makes sense indeed, though from the code it might be quite hard to find the source of the issue (since the first thing to do with a segfault is usually to grep for the unsafe keyword). Feel free to close the issue anyway if it isn't UB indeed.

l4l avatar Dec 18 '20 07:12 l4l

@l4l Could you clarify where the segfault is occurring? Is it Firefox (or the dynamic loader, post exec) that's segfaulting because it's being given the wrong arguments, or is it happening in the exec call itself because something about the argv or other setup is incorrect?

If it's the former, I think it's out of scope of nix (but I'm also not a maintainer, so take that with a grain of salt). If it's the latter, it sounds like a correctness error in nix's exec wrapper.

woodruffw avatar Jan 04 '21 21:01 woodruffw

@woodruffw yeah, I figured it out later and forgot about that discussion. The segfault comes from Firefox due to incorrect arguments, in particular I forgot to pass argv[0] as the binary path (which by the way works fine for most other binaries).

l4l avatar Jan 05 '21 08:01 l4l
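Added example (not code from the thread or from the nix crate): the mistake described above is an argv with no argv[0]. The block below builds an execv-style argument vector that always carries the program path in argv[0], checks it before use, and then replaces the process image. It uses std's `CommandExt::exec` as a stand-in for `nix::unistd::execv` because only the standard library is assumed to be available; the calling convention (path plus a full argv) is the same, and the helper names `build_argv`, `argv_is_well_formed` and `exec_argv` are this example's own. Note that a well-formed exec never returns, so the only observable return value is the failure case, which is exactly why a crash after exec cannot be Rust UB: from the caller's side, exec behaves like exit.

```rust
use std::ffi::{CString, NulError, OsStr};
use std::io;
use std::os::unix::ffi::OsStrExt;
use std::os::unix::process::CommandExt;
use std::process::Command;

/// Build the argument vector for an execv-style call.
///
/// The rule the thread turns on: argv[0] must be present and is
/// conventionally the program path. `CString::new` also rejects interior
/// NUL bytes, so the C side never sees a silently truncated argument.
fn build_argv(program: &str, args: &[&str]) -> Result<Vec<CString>, NulError> {
    let mut argv = Vec::with_capacity(args.len() + 1);
    argv.push(CString::new(program)?);
    for a in args {
        argv.push(CString::new(*a)?);
    }
    Ok(argv)
}

/// Check an argv before handing it to an exec wrapper: it must be
/// non-empty and argv[0] must name the program being executed.
fn argv_is_well_formed(argv: &[CString], program: &str) -> bool {
    argv.first()
        .map(|a| a.as_bytes() == program.as_bytes())
        .unwrap_or(false)
}

/// Replace the current process image with `argv[0]`, passing `argv` as the
/// new image's argument vector. Uses std's `CommandExt::exec` instead of
/// `nix::unistd::execv` (assumption: only std is available). On success this
/// never returns, so the only value it can produce is the exec failure.
fn exec_argv(argv: &[CString]) -> io::Error {
    let program = match argv.first() {
        Some(p) => p,
        None => return io::Error::new(io::ErrorKind::InvalidInput, "argv is empty"),
    };
    let to_os = |c: &CString| OsStr::from_bytes(c.as_bytes()).to_owned();
    let mut cmd = Command::new(to_os(program));
    // argv[0] is set explicitly so the new image sees the same value
    // an execv(path, argv) caller would pass.
    cmd.arg0(to_os(program));
    for a in &argv[1..] {
        cmd.arg(to_os(a));
    }
    cmd.exec()
}

fn main() {
    // Constructed input: exec /bin/echo with a proper argv[0].
    let argv = build_argv("/bin/echo", &["argv[0] was set correctly"])
        .expect("arguments contain no interior NUL");
    assert!(argv_is_well_formed(&argv, "/bin/echo"));
    // Anything after this line only runs if exec itself failed.
    let err = exec_argv(&argv);
    eprintln!("exec failed: {err}");
    std::process::exit(1);
}
```

Running the binary prints the echoed text and exits with echo's status; the `eprintln!` branch is reached only when the kernel refuses the exec (for example, a nonexistent path). A crash inside the new image, as with the Firefox case above, happens after Rust has already handed the process over and cannot be attributed to the wrapper.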

Then it's a bug in Firefox which is not checking for NULL properly.

Kixunil avatar Jan 12 '21 11:01 Kixunil