Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It should be unsafe to cast an extern function to a function pointer #55226

Closed
matthewjasper opened this issue Oct 20, 2018 · 7 comments
Closed

It should be unsafe to cast an extern function to a function pointer #55226

matthewjasper opened this issue Oct 20, 2018 · 7 comments
Labels
A-FFI Area: Foreign function interface (FFI) A-linkage Area: linking into static, shared libraries and binaries C-bug Category: This is a bug.

Comments

@matthewjasper
Copy link
Contributor

The following code gives a linker error, which arguably shouldn't happen in safe code.

extern {
    fn doesnt_exist();
}
fn main() {
    println!("{:p}", doesnt_exist as unsafe extern "C" fn());
}

Playground
@matthewjasper matthewjasper added the I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness label Oct 20, 2018
@hanna-kruppe
Copy link
Contributor

How is this unsound? Linker errors aren't great, but how do they jeopardize memory safety in any way?

@matthewjasper
Copy link
Contributor Author

matthewjasper commented Oct 20, 2018
edited
Loading

Closing as a dupe of #46188 (which shows how this is a soundness issue) or not

@hanna-kruppe
Copy link
Contributor

That issue has nothing to do with linker errors. The only common factor is that it involves an extern declaration.

@matthewjasper matthewjasper reopened this Oct 20, 2018
@hanna-kruppe
Copy link
Contributor

Ok so apparently we agree it's a different issue from #46188, which means my original question still stands: how is this a soundness issue?

@anirudhb
Copy link
Contributor

anirudhb commented Oct 21, 2018
edited
Loading

This seems like a linker problem to me; Rust has no way to fix this without something like a non-executable/null pointer check, which would have performance impacts on casting. For all rustc knows, when the code is linked, it could be referring to a global static, but only the linker knows that.

edit: on systems where NX is supported, tbh this really isn't a soundness issue.

@Centril
Copy link
Contributor

Centril commented Nov 2, 2018

@matthewjasper any thoughts on #55226 (comment)?

@oli-obk oli-obk added A-linkage Area: linking into static, shared libraries and binaries A-FFI Area: Foreign function interface (FFI) C-bug Category: This is a bug. and removed I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness labels Nov 2, 2018
@Mark-Simulacrum
Copy link
Member

To my knowledge this is essentially unfixable without implementing a linker ourselves or somehow catching the linker errors and re-displaying them in a nicer way, both of which seem impossible or out of scope, so I'm going to close this. I agree with folks that this is not a soundness issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-FFI Area: Foreign function interface (FFI) A-linkage Area: linking into static, shared libraries and binaries C-bug Category: This is a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@oli-obk @Centril @hanna-kruppe @Mark-Simulacrum @anirudhb @matthewjasper