Skip to content

Commit

Permalink
Remove unsafe and unnecessary size argument from FileDesc::read() (
Browse files Browse the repository at this point in the history
…#821)

The `size` argument to `FileDesc::read()` is not checked against the
length of the buffer, so `libc::read()` could end up writing past the
buffer if we passed a size that's too large. However, we always pass
exactly the size of the buffer, so that doesn't happen. Let's just
remove the argument since it's not currently needed, thereby removing
the risk of bugs if the function is used incorrectly by future
callers.

This came up in review of `unsafe` Rust code at my company.
  • Loading branch information
martinvonz authored May 3, 2024
1 parent f54e937 commit 6fde554
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/event/source/unix/mio.rs
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ impl EventSource for UnixInternalEventSource {
match token {
TTY_TOKEN => {
loop {
match self.tty_fd.read(&mut self.tty_buffer, TTY_BUFFER_SIZE) {
match self.tty_fd.read(&mut self.tty_buffer) {
Ok(read_count) => {
if read_count > 0 {
self.parser.advance(
Expand Down
4 changes: 2 additions & 2 deletions src/terminal/sys/file_descriptor.rs
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,12 @@ impl FileDesc {
FileDesc { fd, close_on_drop }
}

pub fn read(&self, buffer: &mut [u8], size: usize) -> io::Result<usize> {
pub fn read(&self, buffer: &mut [u8]) -> io::Result<usize> {
let result = unsafe {
libc::read(
self.fd,
buffer.as_mut_ptr() as *mut libc::c_void,
size as size_t,
buffer.len() as size_t,
)
};

Expand Down

0 comments on commit 6fde554

Please sign in to comment.