Maybe Undefined Behavior in StringView::as_utf8_str #1141
Description
Describe the bug
The StringView::as_utf8_str function in its current implementation is unsound and may lead to undefined behavior (UB) under certain conditions. The function uses an unchecked raw pointer (ptr) and skips UTF-8 validation via from_utf8_unchecked. These unsafe operations can easily result in UB when the ptr field points to invalid memory or when the data at ptr is not valid UTF-8.
Steps to reproduce
pub struct StringView {
pub len: u32,
//pub prefix: [u8; STRING_VIEW_PREFIX_LEN],
pub ptr: usize,
}
impl StringView {
pub fn as_utf8_str(&self) -> &str {
unsafe {
let slice = std::slice::from_raw_parts(self.ptr as *const u8, self.len as usize);
std::str::from_utf8_unchecked(slice)
}
}
}
fn main() {
let invalid_ptr = 0xdeadbeef_usize;
let string_view = StringView {
len: 10,
ptr: invalid_ptr,
};
let result = string_view.as_utf8_str();
println!("Result: {}", result);
}
Expected behavior
The function should validate the pointer and ensure it points to valid memory. Additionally, it should verify that the data is valid UTF-8 before returning a &str.
Additional context
Note that I'm currently only emulating the implementation of this function, and since it doesn't appear to be published to crates.io, I commented out a field to facilitate triggering the UB. But considering that this data_type mod is not a pub mod, I am only reporting this issue for possible security risks, if in fact it is safe here, please don't mind.