Possible unsound public API

Open charlesxsh opened this issue 9 months ago • 0 comments

    pub fn remove_prefix(&mut self, prefix_len: usize) {
        let len = self.bytes.len();
        let ptr = self.bytes.as_mut_ptr();
        // SAFETY: `bytes` is already a reference bounded by a lifetime
        self.bytes =
            unsafe { std::slice::from_raw_parts_mut(ptr.add(prefix_len), len - prefix_len) };
    }

For the prefix_len, it is used in pointer.add without the sufficient checks, which might cause memory risks. In Rust, we should not cause any memory issues if merely use safe function.

Suggestions:

adding appropriate checks
make this function unsafe to notify/warn developer/user

Apr 24 '25 20:04 charlesxsh