Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DispatchFromDyn builtin checks are weaker than CoerceUnsized #135215

Closed
BoxyUwU opened this issue Jan 7, 2025 · 5 comments · Fixed by #135228
Closed

DispatchFromDyn builtin checks are weaker than CoerceUnsized #135215

BoxyUwU opened this issue Jan 7, 2025 · 5 comments · Fixed by #135228
Labels
A-coercions Area: implicit and explicit `expr as Type` coercions F-derive_coerce_pointee Feature: RFC 3621's oft-renamed implementation T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-types Relevant to the types team, which will review and decide on the PR/issue.

Comments

@BoxyUwU
Copy link
Member

BoxyUwU commented Jan 7, 2025
edited by workingjubilee
Loading

DispatchFromDyn doesn't require the type parameter to only be used in one field and potentially phantomdata, instead it requires one field and arbitarily many ZSTs playground. This in theory means that dispatch from dyn impls can result in effectively arbitrary transmutes from MyZST<dyn Trait> to MyZST<Foo>.

In practice I don't think this is exploitable, regardless I don't think we should stabilize the ability for semi-user-written impls or trait bounds to be written involving this trait until the builtin checks are brought in line with CoerceUnsized.

edit: thanks to @steffahn for pointing this out

@rfcbot concern DispatchFromDyn builtin checks are weaker than CoerceUnsized

Originally posted by @BoxyUwU in #133820 (comment)
@rustbot rustbot added the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Jan 7, 2025
@BoxyUwU BoxyUwU added T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. A-coercions Area: implicit and explicit `expr as Type` coercions T-types Relevant to the types team, which will review and decide on the PR/issue. F-derive_coerce_pointee Feature: RFC 3621's oft-renamed implementation and removed needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. labels Jan 7, 2025
@ojeda ojeda mentioned this issue Jan 7, 2025
Open
90 tasks
@steffahn
Copy link
Member

steffahn commented Jan 7, 2025

I think actually @Darksonn noticed this issue.

It's definitely an issue for dispatch-from-dyn as a feature. Is this the right place to track that, or is this specific to the issue only as far as it is relevant for CoercePointee?

@steffahn

This comment has been minimized.

Sign in to view
@Darksonn
Copy link
Contributor

Darksonn commented Jan 7, 2025

Is this really a concern for derive(CoercePointee)? The macro also emits a CoerceUnsize implementation, which comes with the PhantomData validation that is needed to fix this.

@workingjubilee workingjubilee changed the title concern DispatchFromDyn builtin checks are weaker than CoerceUnsized DispatchFromDyn builtin checks are weaker than CoerceUnsized Jan 7, 2025
@steffahn steffahn mentioned this issue Jan 7, 2025
Closed
@steffahn
Copy link
Member

steffahn commented Jan 7, 2025

I think it makes sense to track the question of “how much should this be fixed before CoercePointee-stabilization” separately from the issue itself, so I opened #135220

@BoxyUwU
Copy link
Member Author

BoxyUwU commented Jan 7, 2025

tbc this issue is supposed to track the bug itself more so than the actual concern for the stabilization PR. I just didn't bother to write out a proper issue description because i was in a hurry :3

@compiler-errors compiler-errors mentioned this issue Jan 8, 2025
Merged
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Jan 14, 2025
@matthiaskrgr
Rollup merge of rust-lang#135228 - compiler-errors:normalizes-ur-disp…
188d159 
…atch, r=BoxyUwU

Improve `DispatchFromDyn` and `CoerceUnsized` impl validation

* Disallow arbitrary 1-ZST fields in `DispatchFromDyn` -- only `PhantomData`, and 1-ZSTs that mention no params (which is needed to support, e.g., the `Global` alloctor in `Box<T, U = Global>`).
* Don't allow coercing between non-ZSTs to ZSTs (since the previous check wasn't actually checking the field tys were the same before checking the layout...)
* Normalize the field before checking it's `PhantomData`.

Fixes rust-lang#135215
Fixes rust-lang#135214
Fixes rust-lang#135220

r? `@BoxyUwU` or reassign
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Jan 14, 2025
@matthiaskrgr
Rollup merge of rust-lang#135228 - compiler-errors:normalizes-ur-disp…
5af7c9d 
…atch, r=BoxyUwU

Improve `DispatchFromDyn` and `CoerceUnsized` impl validation

* Disallow arbitrary 1-ZST fields in `DispatchFromDyn` -- only `PhantomData`, and 1-ZSTs that mention no params (which is needed to support, e.g., the `Global` alloctor in `Box<T, U = Global>`).
* Don't allow coercing between non-ZSTs to ZSTs (since the previous check wasn't actually checking the field tys were the same before checking the layout...)
* Normalize the field before checking it's `PhantomData`.

Fixes rust-lang#135215
Fixes rust-lang#135214
Fixes rust-lang#135220

r? ``@BoxyUwU`` or reassign
@bors bors closed this as completed in f256f9e Jan 15, 2025
rust-timer added a commit to rust-lang-ci/rust that referenced this issue Jan 15, 2025
@rust-timer
Unrolled build for rust-lang#135228
600c38d 
Rollup merge of rust-lang#135228 - compiler-errors:normalizes-ur-dispatch, r=BoxyUwU

Improve `DispatchFromDyn` and `CoerceUnsized` impl validation

* Disallow arbitrary 1-ZST fields in `DispatchFromDyn` -- only `PhantomData`, and 1-ZSTs that mention no params (which is needed to support, e.g., the `Global` alloctor in `Box<T, U = Global>`).
* Don't allow coercing between non-ZSTs to ZSTs (since the previous check wasn't actually checking the field tys were the same before checking the layout...)
* Normalize the field before checking it's `PhantomData`.

Fixes rust-lang#135215
Fixes rust-lang#135214
Fixes rust-lang#135220

r? ```@BoxyUwU``` or reassign
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-coercions Area: implicit and explicit `expr as Type` coercions F-derive_coerce_pointee Feature: RFC 3621's oft-renamed implementation T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-types Relevant to the types team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improve DispatchFromDyn and CoerceUnsized impl validation compiler-errors/rust
4 participants
@Darksonn @steffahn @BoxyUwU @rustbot