Open lwz23 opened 4 days ago
same for https://github.com/Xudong-Huang/may/blob/a66d8fe2ea3c50fbcf3723f26652ce74d7d08378/src/io/sys/windows/iocp.rs#L112 `fn select`
and https://github.com/Xudong-Huang/may/blob/a66d8fe2ea3c50fbcf3723f26652ce74d7d08378/src/scheduler.rs#L133 `fn run_queued_tasks`
and https://github.com/Xudong-Huang/may/blob/a66d8fe2ea3c50fbcf3723f26652ce74d7d08378/src/scheduler.rs#L204 `fn schedule_with_id`

I note that both the `io` and `scheduler` modules are private, and it seems unlikely that all users will be able to call these potentially problematic functions directly, but since this is the case, I suggest that instead of declaring these functions as `pub`, it might be more appropriate to declare them as `pub(crate)`.
You are correct, thanks!
Description

The `wakeup` function uses `unsafe { self.vec.get_unchecked(id) }` to access an element of the `self.vec` collection without bounds checking. This introduces undefined behavior (UB) if the provided `id` index is out of bounds. The lack of validation makes this function unsound.

https://github.com/Xudong-Huang/may/blob/a66d8fe2ea3c50fbcf3723f26652ce74d7d08378/src/io/sys/unix/epoll.rs#L155

Problems: this function is a `pub` function, so I assume the user can control the `id` field, which causes some problems.

Suggestion: mark the function `unsafe` and provide safety doc.

Additional Context: Rust's unsafe constructs require strict validation to maintain safety guarantees. The current implementation of `wakeup` assumes the index is always valid but does not enforce or document this requirement, making the function unsound. By using safe indexing and providing error handling, the function can prevent undefined behavior while remaining robust and user-friendly.
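The unsound pattern the report describes, shown beside the two sound shapes the thread proposes (safe indexing with an error, or an `unsafe fn` with a documented contract), as an added Rust example. This is not code from the may crate: `Selector`, `Waker`, `WakeupError` and the method names are constructed stand-ins for the types around `wakeup` in epoll.rs, and the `pub(crate)` visibility on the unsound variant follows the follow-up comment's suggestion.

```rust
use std::cell::Cell;

/// Constructed stand-in for a registered waker; the crate's real type is not
/// reproduced here.
struct Waker {
    woken: Cell<bool>,
}

impl Waker {
    fn wake(&self) {
        self.woken.set(true);
    }
}

/// Error returned when a caller passes an index outside `vec`.
#[derive(Debug, PartialEq, Eq)]
pub enum WakeupError {
    OutOfRange { id: usize, len: usize },
}

/// Constructed stand-in for the selector that owns `self.vec`.
pub struct Selector {
    vec: Vec<Waker>,
}

impl Selector {
    pub fn new(n: usize) -> Self {
        Selector {
            vec: (0..n).map(|_| Waker { woken: Cell::new(false) }).collect(),
        }
    }

    /// The pattern the issue reports: a *safe* function whose body trusts the
    /// caller's index. `get_unchecked` with `id >= len` is undefined behavior,
    /// so exposing it behind a safe signature makes the function unsound.
    /// Kept `pub(crate)` here, as the thread suggests for the other functions,
    /// so nothing outside the crate can reach it.
    #[allow(dead_code)]
    pub(crate) fn wakeup_unsound(&self, id: usize) {
        let waker = unsafe { self.vec.get_unchecked(id) };
        waker.wake();
    }

    /// Sound fix 1: safe indexing. `Vec::get` returns `None` instead of UB
    /// when `id` is out of range, and the caller gets an error it can handle.
    pub fn wakeup(&self, id: usize) -> Result<(), WakeupError> {
        match self.vec.get(id) {
            Some(waker) => {
                waker.wake();
                Ok(())
            }
            None => Err(WakeupError::OutOfRange { id, len: self.vec.len() }),
        }
    }

    /// Sound fix 2: keep the unchecked access but make the function `unsafe`
    /// and document the contract, so the obligation moves to the caller and is
    /// visible at every call site. The `debug_assert!` catches violations in
    /// debug and test builds at no cost in release builds.
    ///
    /// # Safety
    ///
    /// `id` must be less than `self.vec.len()`.
    pub unsafe fn wakeup_unchecked(&self, id: usize) {
        debug_assert!(id < self.vec.len(), "wakeup_unchecked: id {id} out of range");
        let waker = unsafe { self.vec.get_unchecked(id) };
        waker.wake();
    }

    /// Read back a waker's state; `None` if `id` is out of range.
    pub fn is_woken(&self, id: usize) -> Option<bool> {
        self.vec.get(id).map(|w| w.woken.get())
    }
}

fn main() {
    let selector = Selector::new(3);
    println!("{:?}", selector.wakeup(1)); // Ok(())
    println!("{:?}", selector.wakeup(3)); // Err(OutOfRange { id: 3, len: 3 })
    // SAFETY: 2 < 3, so the contract of `wakeup_unchecked` holds.
    unsafe { selector.wakeup_unchecked(2) };
    println!("{:?}", selector.is_woken(2)); // Some(true)
}
```

Which fix fits depends on who can call the function: if it is genuinely internal, narrowing it to `pub(crate)` and keeping a `debug_assert!` on the index is enough; if it must stay part of the public surface, `Vec::get` with a `Result` is the only shape that stays sound no matter what a downstream crate passes in.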