Update RSPEC
This commit is contained in:
yassin-kammoun-sonarsource
parent
3f7b8cf72d
commit
4c2b560548
@ -1,12 +1,13 @@
|
||||
{
|
||||
"title": "FIXME",
|
||||
"type": "CODE_SMELL",
|
||||
"title": "`set_len` should not be called on uninitialized vectors",
|
||||
"type": "BUG",
|
||||
"status": "ready",
|
||||
"remediation": {
|
||||
"func": "Constant\/Issue",
|
||||
"constantCost": "5min"
|
||||
},
|
||||
"tags": [
|
||||
"clippy"
|
||||
],
|
||||
"defaultSeverity": "Major",
|
||||
"ruleSpecification": "RSPEC-7459",
|
||||
@ -16,10 +17,8 @@
|
||||
"quickfix": "unknown",
|
||||
"code": {
|
||||
"impacts": {
|
||||
"MAINTAINABILITY": "HIGH",
|
||||
"RELIABILITY": "MEDIUM",
|
||||
"SECURITY": "LOW"
|
||||
"RELIABILITY": "HIGH"
|
||||
},
|
||||
"attribute": "CONVENTIONAL"
|
||||
"attribute": "LOGICAL"
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,16 +1,8 @@
|
||||
FIXME: add a description
|
||||
|
||||
// If you want to factorize the description uncomment the following line and create the file.
|
||||
//include::../description.adoc[]
|
||||
|
||||
== Why is this an issue?
|
||||
|
||||
FIXME: remove the unused optional headers (that are commented out)
|
||||
In Rust, calling ``++Vec::set_len(new_len)++`` directly after allocating or reserving memory using ``++Vec::with_capacity()++``, ``++Vec::new()++``, ``++Vec::default()++``, or ``++Vec::reserve()++`` can lead to the creation of a ``++Vec++`` with uninitialized elements. This is problematic because most safe Rust operations assume initialized data. Using uninitialized data can result in undefined behavior, including memory corruption and unexpected program crashes.
|
||||
|
||||
//=== What is the potential impact?
|
||||
|
||||
== How to fix it
|
||||
//== How to fix it in FRAMEWORK NAME
|
||||
This rule detects instances where ``++Vec::set_len()++`` is called directly after allocating or reserving memory with ``++Vec::with_capacity()++``, ``++Vec::new()++``, ``++Vec::default()++``, or ``++Vec::reserve()++``, without any prior initialization of the vector's elements. The rule performs a local analysis and only checks for these calls within adjacent statements.
|
||||
|
||||
=== Code examples
|
||||
|
||||
@ -18,27 +10,25 @@ FIXME: remove the unused optional headers (that are commented out)
|
||||
|
||||
[source,rust,diff-id=1,diff-type=noncompliant]
|
||||
----
|
||||
FIXME
|
||||
fn f(reader: &mut dyn std::io::Read) {
|
||||
let mut vec: Vec<u8> = Vec::with_capacity(1000);
|
||||
unsafe { vec.set_len(1000); } // Noncompliant: Uninitialized vector
|
||||
reader.read_exact(&mut vec).unwrap(); // Undefined behavior!
|
||||
}
|
||||
----
|
||||
|
||||
==== Compliant solution
|
||||
|
||||
[source,rust,diff-id=1,diff-type=compliant]
|
||||
----
|
||||
FIXME
|
||||
fn f(reader: &mut dyn std::io::Read) {
|
||||
let mut vec: Vec<u8> = vec![0; 1000]; // Properly initialized with zeros
|
||||
reader.read_exact(&mut vec).unwrap(); // Safe to use
|
||||
}
|
||||
----
|
||||
|
||||
//=== How does this work?
|
||||
== Resources
|
||||
=== Documentation
|
||||
|
||||
//=== Pitfalls
|
||||
* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#uninit_vec
|
||||
|
||||
//=== Going the extra mile
|
||||
|
||||
|
||||
//== Resources
|
||||
//=== Documentation
|
||||
//=== Articles & blog posts
|
||||
//=== Conference presentations
|
||||
//=== Standards
|
||||
//=== External coding guidelines
|
||||
//=== Benchmarks
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user