Remove unsafe and unnecessary size argument from FileDesc::read() (#821)

The `size` argument to `FileDesc::read()` is not checked against the
length of the buffer, so `libc::read()` could end up writing past the
buffer if we passed a size that's too large. However, we always pass
exactly the size of the buffer, so that doesn't happen. Let's just
remove the argument since it's not currently needed, thereby removing
the risk of bugs if the function is used incorrectly by future
callers.

This came up in review of `unsafe` Rust code at my company.
This commit is contained in:
Martin von Zweigbergk 2024-05-03 10:30:15 -07:00 committed by GitHub
parent f54e937a33
commit 6fde55416b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 3 deletions

View File

@ -93,7 +93,7 @@ impl EventSource for UnixInternalEventSource {
match token {
TTY_TOKEN => {
loop {
match self.tty_fd.read(&mut self.tty_buffer, TTY_BUFFER_SIZE) {
match self.tty_fd.read(&mut self.tty_buffer) {
Ok(read_count) => {
if read_count > 0 {
self.parser.advance(

View File

@ -29,12 +29,12 @@ impl FileDesc {
FileDesc { fd, close_on_drop }
}
pub fn read(&self, buffer: &mut [u8], size: usize) -> io::Result<usize> {
pub fn read(&self, buffer: &mut [u8]) -> io::Result<usize> {
let result = unsafe {
libc::read(
self.fd,
buffer.as_mut_ptr() as *mut libc::c_void,
size as size_t,
buffer.len() as size_t,
)
};