swiftlang/swift

[SR-3343] Investigate Array Canaries for withUnsafe operations

Open

#45931, created on December 6, 2016

Labels: diagnostics quality, good first issue, improvement, standard library

Description

Previous ID SR-3343
Radar rdar://problem/16553648
Original Reporter Gankro (JIRA User)
Type Improvement
Votes 0
Component/s Standard Library
Labels Improvement, DiagnosticsQoI, StarterBug
Assignee abdullah (JIRA)
Priority Medium

md5: c68651c162da6db48a6cc867e161ffe0

Issue Description:

We provide several operations which expose the guts of an Array as an UnsafePointer in a closure. This provides an opportunity for developers to mess up and scribble past the bounds of the Array. As a QoI feature, we should look into opportunistically installing a canary at the end of the Array in debug builds.

Basic idea:

  • At the start of withUnsafeBufferPointer (before the closure is called), check if the array has some slack capacity.

  • If it does, write some specific bit pattern to the extra space (just the last byte?).

  • At the end of withUnsafeBufferPointer (after the closure has been called), check if the bit pattern is intact. If not, assert that a buffer overflow occurred.

This obviously isn't a robust protection against buffer overflows, but maybe it will catch some programmer errors!

I'm happy to mentor anyone who wishes to work on this.
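The three steps above, worked through as an added Swift example that is not code from the Swift standard library or from this issue: `CanaryBuffer` is a constructed stand-in for Array's contiguous storage (live `count` elements inside a `capacity`-sized allocation), and it goes a little beyond the description by arming and checking every byte of the slack region rather than only the last one.

```swift
/// Minimal stand-in for Array's contiguous storage (example code, not the
/// standard library's): `count` live elements inside an allocation of `capacity`.
final class CanaryBuffer<Element> {
    private let storage: UnsafeMutablePointer<Element>
    let count: Int
    let capacity: Int
    /// Bit pattern installed in the slack region; any other byte there means it was scribbled on.
    static var canaryByte: UInt8 { 0xA5 }

    init(_ elements: [Element], capacity: Int) {
        precondition(capacity >= elements.count, "capacity must hold all elements")
        self.count = elements.count
        self.capacity = capacity
        storage = UnsafeMutablePointer<Element>.allocate(capacity: capacity)
        storage.initialize(from: elements, count: elements.count)
    }

    deinit {
        storage.deinitialize(count: count)
        storage.deallocate()
    }

    /// Raw bytes between the last live element and the end of the allocation.
    private var slack: UnsafeMutableRawBufferPointer {
        UnsafeMutableRawBufferPointer(
            start: UnsafeMutableRawPointer(storage + count),
            count: (capacity - count) * MemoryLayout<Element>.stride)
    }

    /// Exposes the live elements to `body`, with the canary installed before the
    /// call and checked after it. The issue proposes gating this to debug builds;
    /// here it is always on so the behaviour is visible.
    func withCanaryUnsafeMutableBufferPointer<R>(
        _ body: (UnsafeMutableBufferPointer<Element>) throws -> R
    ) rethrows -> (result: R, overflowDetected: Bool) {
        let slack = self.slack
        // Steps 1-2: if there is slack capacity, fill every byte of it with the pattern.
        for i in slack.indices { slack[i] = Self.canaryByte }
        let result = try body(UnsafeMutableBufferPointer(start: storage, count: count))
        // Step 3: the pattern must survive the closure; a changed byte means a write past `count`.
        let overflowDetected = slack.contains { $0 != Self.canaryByte }
        return (result, overflowDetected)
    }
}

// Constructed demo: a well-behaved closure, then an off-by-one write into the slack.
let buffer = CanaryBuffer([1, 2, 3], capacity: 8)
let (sum, cleanRunTripped) = buffer.withCanaryUnsafeMutableBufferPointer { $0.reduce(0, +) }
let (_, overflowTripped) = buffer.withCanaryUnsafeMutableBufferPointer { p in
    (p.baseAddress! + p.count).pointee = 42   // the scribble-past-the-end bug the canary exists to catch
}
print("sum=\(sum) clean run tripped=\(cleanRunTripped) overflow tripped=\(overflowTripped)")
```

When `capacity == count` the slack region is empty, nothing is armed, and an overflow goes undetected, which is the limitation the description acknowledges.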

