53 lines
1.1 KiB
Plaintext
53 lines
1.1 KiB
Plaintext
|
|
||
|
|
== Why is this an issue?
|
||
|
|
|
||
|
|
When a transmute is placed within an expression that uses eager evaluation (like `bool::then_some`), it will execute even if a preceding validity check fails. This can result in creating invalid values, potentially leading to undefined behavior.
|
||
|
|
|
||
|
|
|
||
|
|
== How to fix it
|
||
|
|
|
||
|
|
Use lazy evaluation (for example by replacing `then_some` with `then`) and providing a closure that contains the transmute. This ensures the transmute only occurs if the validity check passes.
|
||
|
|
|
||
|
|
|
||
|
|
=== Code examples
|
||
|
|
|
||
|
|
==== Noncompliant code example
|
||
|
|
|
||
|
|
[source,rust,diff-id=1,diff-type=noncompliant]
|
||
|
|
----
|
||
|
|
#[repr(u8)]
|
||
|
|
enum Opcode {
|
||
|
|
Add = 0,
|
||
|
|
Sub = 1,
|
||
|
|
Mul = 2,
|
||
|
|
Div = 3
|
||
|
|
}
|
||
|
|
|
||
|
|
fn int_to_opcode(op: u8) -> Option<Opcode> {
|
||
|
|
(op < 4).then_some(unsafe { std::mem::transmute(op) })
|
||
|
|
}
|
||
|
|
----
|
||
|
|
|
||
|
|
==== Compliant solution
|
||
|
|
|
||
|
|
[source,rust,diff-id=1,diff-type=compliant]
|
||
|
|
----
|
||
|
|
#[repr(u8)]
|
||
|
|
enum Opcode {
|
||
|
|
Add = 0,
|
||
|
|
Sub = 1,
|
||
|
|
Mul = 2,
|
||
|
|
Div = 3
|
||
|
|
}
|
||
|
|
|
||
|
|
fn int_to_opcode(op: u8) -> Option<Opcode> {
|
||
|
|
(op < 4).then(|| unsafe { std::mem::transmute(op) })
|
||
|
|
}
|
||
|
|
----
|
||
|
|
|
||
|
|
== Resources
|
||
|
|
=== Documentation
|
||
|
|
|
||
|
|
* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#eager_transmute
|
||
|
|
|