google / flatbuffers

FlatBuffers: Memory Efficient Serialization Library
https://flatbuffers.dev/
Apache License 2.0

Rust: Segfault because of self-referential structs #7007

Open TethysSvensson opened 2 years ago

TethysSvensson commented 2 years ago

If you make a self-referential struct in flatbuffers, it still compiles, but outputs invalid code:

// foo.fbs: `inner_foo` embeds a Foo inside Foo, so the struct has no finite size
struct Foo {
  x: uint64;
  inner_foo: Foo;
}

table Root {
  foo: Foo;
}

// main.rs: reads the generated accessors past the end of the buffer
mod foo_generated;
use foo_generated::*;

fn main() {
    let mut builder = flatbuffers::FlatBufferBuilder::new();
    let mut foo = Foo::default();
    foo.set_x(17);
    let root = Root::create(&mut builder, &RootArgs { foo: Some(&foo) });
    builder.finish(root, None);
    let data = builder.finished_data();

    // For fun, let's use the stack to decode
    let mut stack_buf = [0; 64];
    stack_buf[..data.len()].copy_from_slice(data);

    let root: Root<'_> = flatbuffers::root::<Root<'_>>(&stack_buf).unwrap();
    let mut foo = root.foo().unwrap();

    // Each `inner_foo()` moves further into the buffer; nothing bounds the walk
    loop {
        for _ in 0..4 {
            print!("0x{:016x} ", foo.x());
            foo = foo.inner_foo();
        }
        println!();
    }
}

This code will print the content of the stack and then segfault using only safe Rust.

CasperN commented 2 years ago

I think this is a general flatbuffers problem -- it does not make sense for a FB struct to be self-referential since they don't support references and would be infinite size. This should have been rejected by the flatc Parser before it got to the Rust code generator. I'd imagine this bug can be replicated in C and possibly elsewhere.

@aardappel
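
The schema-level check described in the comment above, written as a standalone lint rather than as flatc's own parser (an added example, not code from the flatbuffers project or from the issue): it pulls struct definitions out of a .fbs text, builds the inline-containment graph and reports any cycle, including mutual recursion between two structs, which the same check must also reject. The sample schemas, the regexes and the function names are my own constructions, and only plain `name: type;` and `name: [type:N];` fields are recognised.

```python
import re

# Constructed sample: the issue's Foo -> Foo self-reference plus a mutually
# recursive pair A -> B -> A; a real flatc run would have to reject both.
BAD_SCHEMA = """
struct Foo { x: uint64; inner_foo: Foo; }
struct A { b: B; }
struct B { a: A; }
table Root { foo: Foo; }
"""
# Constructed well-formed schema: structs may nest structs as long as there is no cycle.
GOOD_SCHEMA = "struct Vec3 { x: float; y: float; z: float; } struct Line { p: Vec3; q: Vec3; }"

STRUCT_RE = re.compile(r"\bstruct\s+(\w+)\s*\{([^}]*)\}")
# field 'name: type;' or fixed-size array 'name: [type:N];' (field attributes not handled)
FIELD_RE = re.compile(r"(\w+)\s*:\s*(?:\[\s*(\w+)\s*:\s*\d+\s*\]|(\w+))\s*;")

def struct_graph(schema):
    """Map each struct to the struct types it embeds inline. Tables are ignored: a
    table field holds an offset, so table -> struct never creates an infinite layout."""
    text = re.sub(r"//[^\n]*", "", schema)          # drop line comments
    structs = dict(STRUCT_RE.findall(text))
    graph = {}
    for name, body in structs.items():
        types = [m.group(2) or m.group(3) for m in FIELD_RE.finditer(body)]
        graph[name] = [t for t in types if t in structs]
    return graph

def find_struct_cycles(schema):
    """Return every inline-containment cycle as a list of struct names, e.g.
    ['Foo', 'Foo'] for self-reference or ['A', 'B', 'A'] for mutual recursion.
    An empty result means the schema is safe to hand to the code generator."""
    graph = struct_graph(schema)
    cycles, state, path = [], {}, []   # state: name -> 'visiting' | 'done'

    def visit(node):
        state[node] = "visiting"
        path.append(node)
        for child in graph[node]:
            if state.get(child) == "visiting":          # back edge: cycle found
                cycles.append(path[path.index(child):] + [child])
            elif child not in state:
                visit(child)
        path.pop()
        state[node] = "done"

    for name in graph:
        if name not in state:
            visit(name)
    return cycles
```

Running `find_struct_cycles(BAD_SCHEMA)` yields `[['Foo', 'Foo'], ['A', 'B', 'A']]`, which is exactly what a parser-side rejection would need to report; `GOOD_SCHEMA` yields no cycles.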

aardappel commented 2 years ago

Yup, the parser should error on this.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 6 months with no activity. Please comment or label not-stale, or this will be closed in 14 days.

TethysSvensson commented 1 year ago

I don't think this has been fixed.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 6 months with no activity. Please comment or label not-stale, or this will be closed in 14 days.

TethysSvensson commented 1 year ago

I still don't think this has been fixed.

github-actions[bot] commented 6 months ago

This issue is stale because it has been open 6 months with no activity. Please comment or label not-stale, or this will be closed in 14 days.

TethysSvensson commented 6 months ago

This will still segfault on current master.

github-actions[bot] commented 2 weeks ago

This issue is stale because it has been open 6 months with no activity. Please comment or label not-stale, or this will be closed in 14 days.

TethysSvensson commented 2 weeks ago

Nothing has changed, this still causes a segfault in safe rust on current master.