Skip to content

Fix UB in Allocator::grow_zeroed#321

Merged
fitzgen merged 1 commit intofitzgen:mainfrom
overlookmotel:fix-grow-zeroed
Apr 27, 2026
Merged

Fix UB in Allocator::grow_zeroed#321
fitzgen merged 1 commit intofitzgen:mainfrom
overlookmotel:fix-grow-zeroed

Conversation

@overlookmotel
Copy link
Copy Markdown
Contributor

@overlookmotel overlookmotel commented Apr 24, 2026
edited
Loading

Allocator::grow_zeroed created a &mut [u8] covering the tail end of a new allocation which may contain uninitialized bytes. This is UB.

Use ptr::write_bytes to zero the bytes instead.

Copilot AI review requested due to automatic review settings April 24, 2026 21:10
@overlookmotel
Copy link
Copy Markdown
Contributor Author

overlookmotel commented Apr 24, 2026

I'm surprised Miri didn't catch this already. Perhaps there isn't test coverage for this method.

Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes undefined behavior in Allocator::grow_zeroed by avoiding creation of a &mut [u8] that would span uninitialized bytes in the grown allocation.

Changes:

  • Replace slice-based tail zeroing with raw-pointer-based zeroing in Allocator::grow_zeroed.
  • Add safety commentary explaining why constructing a full &mut [u8] is UB in this context.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/lib.rs Outdated
@overlookmotel overlookmotel force-pushed the fix-grow-zeroed branch 2 times, most recently from 8ab2952 to a00c16a Compare April 24, 2026 21:22
@overlookmotel overlookmotel requested a review from Copilot April 24, 2026 21:47
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@overlookmotel overlookmotel mentioned this pull request Apr 25, 2026
Merged
graphite-app Bot pushed a commit to oxc-project/oxc that referenced this pull request Apr 25, 2026
@overlookmotel
fix(allocator): fix UB in Arena::grow_zeroed (#21739)
b9bf239 
Implementation of `grow_zeroed` method of `allocator_api2::alloc::Allocator` trait for `Arena` created a `&mut [u8]` covering the tail end of a new allocation which may contain uninitialized bytes. This is UB.

Fix this by using `NonNull::write_bytes` to zero the bytes instead.

Same fix submitted to `bumpalo`: fitzgen/bumpalo#321
fitzgen
fitzgen approved these changes Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@fitzgen fitzgen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@fitzgen fitzgen merged commit fcf8370 into fitzgen:main Apr 27, 2026
12 of 13 checks passed
@overlookmotel overlookmotel deleted the fix-grow-zeroed branch April 27, 2026 22:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@fitzgen fitzgen fitzgen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@overlookmotel @fitzgen