You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OptionCore uses a Vec<Option<T>>. It maintains that all elements between len and cap are initialized to None. Some methods rely on this. Unfortunately, I don't think there are super clear promises given by the docs of Vec. There is this part:
Vec will not specifically overwrite any data that is removed from it, but also won’t specifically preserve it. Its uninitialized memory is scratch space that it may use however it wants. It will generally just do whatever is most efficient or otherwise easy to implement. Do not rely on removed data to be erased for security purposes. Even if you drop a Vec, its buffer may simply be reused by another allocation. Even if you zero a Vec’s memory first, that might not actually happen because the optimizer does not consider this a side-effect that must be preserved. There is one case which we will not break, however: using unsafe code to write to the excess capacity, and then increasing the length to match, is always valid.
Plus the documentation of set_len with the example. But this just suggests that writing to uninitialized memory and then immediately calling set_len is fine. No promises that any other method calls would preserve the memory after len.
So I think I would probably feel more comfortable just not using Vec but writing custom allocation and all of that.
The text was updated successfully, but these errors were encountered:
OptionCore
uses aVec<Option<T>>
. It maintains that all elements betweenlen
andcap
are initialized toNone
. Some methods rely on this. Unfortunately, I don't think there are super clear promises given by the docs ofVec
. There is this part:Plus the documentation of
set_len
with the example. But this just suggests that writing to uninitialized memory and then immediately callingset_len
is fine. No promises that any other method calls would preserve the memory afterlen
.So I think I would probably feel more comfortable just not using
Vec
but writing custom allocation and all of that.The text was updated successfully, but these errors were encountered: