
Possible Unsafe Memory Access Without Safety Justification in node_vec.rs

Open yaokunzhang opened this issue 7 months ago • 2 comments

Issue Summary

Thank you for this excellent open-source project. Our static analysis tool has identified potential safety issues in the node_vec.rs file. The node_vec.rs file contains potentially unsafe code patterns that bypass Rust’s safety guarantees without appropriate justification or documentation. These issues were detected by a static analysis tool and are primarily located in the non_null_node and make_node functions.

Details

non_null_node Function:

pub(crate) fn non_null_node(&self, index: usize) -> NonNull<Node<T>> {
    unsafe {
        NonNull::new_unchecked(
            self.buf.get_unchecked(index)
                .try_borrow_unguarded()
                .unwrap() as *const Node<T> as *mut Node<T>
        )
    }
}

Uses get_unchecked to bypass bounds checking

make_node Function:

pub(crate) fn make_node(
    &mut self,
    parent: Option<NonNull<Node<T>>>,
    index: usize,
    data: Data<T>,
    size: Size
) -> NonNull<Node<T>> {
    unsafe {
        let node = self.buf.get_unchecked_mut(index);
        // ...
    }
}

Uses get_unchecked_mut to skip bounds checking

Recommendation

To ensure memory safety and uphold Rust’s safety principles:

  • Consider marking these functions as unsafe fn if the caller must uphold certain invariants.
  • Add detailed documentation comments explaining the safety requirements for these functions.

yaokunzhang, May 15 '25 08:05
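As an added example, not code from the trees project or from the issue author, here is a simplified NodeVec that applies both recommendations: the unchecked lookup becomes an `unsafe fn` with a `# Safety` contract and a `debug_assert!`, while ordinary callers get a bounds-checked safe variant, and make_node validates its parent index before storing a pointer. The Node layout, the boxed storage, and the index-based parent argument are assumptions made for this example, not the crate's real definitions.

```rust
use std::ptr::NonNull;

/// Constructed stand-in for the crate's node type (assumption, not the real layout).
pub struct Node<T> {
    pub data: T,
    pub parent: Option<NonNull<Node<T>>>,
}

/// Simplified stand-in for NodeVec: nodes are boxed so their addresses stay
/// stable while the Vec grows (assumption made for this example).
pub struct NodeVec<T> {
    buf: Vec<Box<Node<T>>>,
}

impl<T> NodeVec<T> {
    pub fn new() -> Self {
        NodeVec { buf: Vec::new() }
    }

    /// Safe, bounds-checked lookup: returns None instead of reading past the buffer.
    pub fn non_null_node(&self, index: usize) -> Option<NonNull<Node<T>>> {
        self.buf.get(index).map(|b| NonNull::from(&**b))
    }

    /// Unchecked variant. Marking it `unsafe fn` moves the obligation to the caller,
    /// and the `# Safety` section states exactly what the caller must uphold.
    ///
    /// # Safety
    /// `index` must be less than `self.len()`. Nodes are never removed, so the
    /// returned pointer stays valid for as long as the NodeVec is alive.
    pub unsafe fn non_null_node_unchecked(&self, index: usize) -> NonNull<Node<T>> {
        // Cheap in release builds, catches contract violations in debug/test builds.
        debug_assert!(index < self.buf.len(), "non_null_node_unchecked: index out of bounds");
        unsafe { NonNull::from(&**self.buf.get_unchecked(index)) }
    }

    /// Appends a node and returns a pointer to it. An out-of-range parent index
    /// is rejected (None) before anything is written, instead of being dereferenced.
    pub fn make_node(&mut self, parent: Option<usize>, data: T) -> Option<NonNull<Node<T>>> {
        let parent = match parent {
            Some(p) => Some(self.non_null_node(p)?),
            None => None,
        };
        self.buf.push(Box::new(Node { data, parent }));
        Some(NonNull::from(&**self.buf.last()?))
    }

    pub fn len(&self) -> usize {
        self.buf.len()
    }
}
```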