Avoid unsafe where safety depends on non-local values #1791

Merged: dhardy merged 1 commit into master from push-yxwwqxvvrvnm, Jun 22, 2026

dhardy (Member) commented Jun 18, 2026

  • Added a CHANGELOG.md entry

Summary

Avoid usage of unsafe in contexts where non-local memory corruption (e.g. in RAM) could invalidate a safety contract.

Motivation

This could be seen as an alternative fix to #1790, though I'd prefer to merge both PRs.

This PR could have noticeable impacts (performance, code size, panic point). If this is a significant concern we could consider alternatives (not doing this, using a feature flag, adding an explicitly-unsafe variant such as slice::ChooseUnsafe).
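
An added illustration of the pattern named in the summary above; it is not code from this PR or from rand. `CharRange`, `from_raw`, `pick_trusting` and `pick_checked` are hypothetical names: a safe method whose `unsafe` block is sound only while fields set elsewhere are valid, next to the checked form that turns bad state into `None`.

```rust
// Added illustration: `CharRange` and its methods are hypothetical, not rand's code.
const GAP_START: u32 = 0xD800; // first surrogate code point (never a valid char)
const GAP_LEN: u32 = 0xE000 - 0xD800;

/// Invariant: `low + span`, with the surrogate gap re-inserted, is at most char::MAX.
pub struct CharRange {
    low: u32,  // lower bound with the gap removed
    span: u32, // count of further code points in the range
}

fn compress(c: char) -> u32 {
    let x = c as u32;
    if x >= GAP_START { x - GAP_LEN } else { x }
}

impl CharRange {
    /// Validating constructor: the one place the invariant is established.
    pub fn new(lo: char, hi: char) -> Option<Self> {
        let (low, high) = (compress(lo), compress(hi));
        (low <= high).then(|| CharRange { low, span: high - low })
    }

    /// Stand-in for any path that sets the fields without `new` (e.g. a derived deserializer).
    pub fn from_raw(low: u32, span: u32) -> Self {
        CharRange { low, span }
    }

    /// Map a random word `r` into the range, then re-insert the gap.
    fn scalar(&self, r: u32) -> u32 {
        let x = self.low.wrapping_add((r as u64 % (self.span as u64 + 1)) as u32);
        if x >= GAP_START { x.wrapping_add(GAP_LEN) } else { x }
    }

    /// Before: sound only while the invariant holds, which this function cannot see.
    pub fn pick_trusting(&self, r: u32) -> char {
        // SAFETY: relies on `low` and `span` having come from `new`.
        unsafe { char::from_u32_unchecked(self.scalar(r)) }
    }

    /// After: the conversion checks the value it is handed; bad state yields `None`.
    pub fn pick_checked(&self, r: u32) -> Option<char> {
        char::from_u32(self.scalar(r))
    }
}

fn main() {
    let az = CharRange::new('a', 'z').expect("valid range");
    println!("{} {:?}", az.pick_trusting(7), CharRange::from_raw(0x10F7FF, 0x100).pick_checked(0x100));
}
```

The checked form moves the failure to a visible `None` (or a panic if the caller unwraps), which is the trade-off in performance and panic points that the description mentions.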

dhardy requested review from newpavlov and tarcieri June 18, 2026 08:18

newpavlov (Member)

With any "non-local memory corruption" all bets are off, so I am not sure it's worth guarding against it.

Minimizing the amount of unsafe code could be a sufficient motivation for this change, but personally I am fine with the current code as well.

tarcieri (Contributor) left a comment

I'm not sure about the memory corruption angle, but avoiding unsafe seems good to me

dhardy (Member, Author) commented Jun 22, 2026

I'll go ahead and merge this on the basis that we don't have evidence of need for fast/unsafe code here.

dhardy merged commit aeab810 into master Jun 22, 2026
18 checks passed
dhardy deleted the push-yxwwqxvvrvnm branch June 22, 2026 08:59
kodiakhq Bot pushed a commit to pdylanross/fatigue that referenced this pull request Jul 3, 2026
Bumps rand from 0.10.1 to 0.10.2.

Changelog
Sourced from rand's changelog.

[0.10.2] — 2026-07-02
Fixes

Fix possible memory safety violation due to deserialization of UniformChar from bad source (#1790)

Changes

Document required output order of fn partial_shuffle and apply #[must_use] (#1769)
Avoid usage of unsafe in contexts where non-local memory corruption could invalidate contract (#1791)

#1769: rust-random/rand#1769
#1790: rust-random/rand#1790
#1791: rust-random/rand#1791



Commits

1540ea3 Prepare rand 0.10.2 (#1800)
a29964a Bump chacha20 from 0.10.0 to 0.10.1 in the all-deps group (#1801)
ced9491 Tweak docs for RngExt::random_range and SampleRange (#1798)
db14664 Check UniformChar validity on deser (#1790)
bea8620 Bump the all-deps group with 2 updates (#1796)
4f44932 Bump actions/cache from 5 to 6 (#1795)
b999a13 Bump actions/checkout from 6 to 7 (#1794)
aeab810 Avoid unsafe where safety depends on non-local values (#1791)
1896d7c Add typos CI job (#1789)
43eddee Bump the all-deps group with 2 updates (#1788)
Additional commits viewable in compare view



