RazrFalcon
commented
3 weeks ago There is nothing "unsound" about it. Our Buffer doesn't operate on raw pointers. It's just a minor logic error that cannot effect memory safety.
Also, it's nearly impossible to make ensure fail, so it's fine anyways.
CXWorks
Hi, thanks for your time to read this issue. Our static analysis tool found there might be an unsound issue in your
set_lenimplementation of buffer:https://github.com/RazrFalcon/rustybuzz/blob/71e33a06bc941338b116c558fb3f09d48818237c/src/hb/buffer.rs#L1213-L1216
Because this can change the logical length of the buffer and in the
ensuremethod, if the length exceeds the max length, altough it returns false indicating the failure, the len of buffer is still changed. As a reference, in std library, all theset_lenmethod are marked as unsafe:https://github.com/rust-lang/rust/blob/63a0bdd5622eaf6b9524702f055bb4525acfc9f2/library/alloc/src/vec/mod.rs#L1849-L1853
Thanks again for your time.