-
-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
parse_headers()
enables undefined behavior
#34
Comments
…httparse::parse_headers()` (seanmonstar/httparse#34)
…httparse::parse_headers()` (seanmonstar/httparse#34)
I believe this is caused by the implementation of the internal |
Holy crap, this may be Rust's failing unless I'm fundamentally misunderstanding something here: https://is.gd/pFdpPJ |
So yeah, it's a bug with Rust, haha. |
@abonander Whew! I was genuinely staring at this last night, and wondering "but, I have lifetimes specified, how did I screw this up?!" |
rust-lang/rust#40288 is closed now and any breakage was addressed via Crater run so I think this is safe to close now. |
Simplest reproduction.
As you can see,
parse_headers()
allows borrows tobuf
to escape inheaders
, creating a double-borrow where the original buffer can be mutated while views to it exist.Discovered by accident, I was working on some infinite-loop bugs in multipart when I took a double-take at this function and thought, "Wait a minute, how the hell did this work to begin with?" The
r.consume()
at 80 shouldn't be allowed, but the borrow is escaping.The text was updated successfully, but these errors were encountered: