Fix rust-lang#121126: index out of bounds exceeds max value

c4rrao · c4rrao · commit 44e66b658f20 · 2024-04-04T20:36:50.000+01:00
When indexing an array with an index (u32) that exceeds the maximum value allowed by FieldIdx (default: 0xFFFF_FF00), although the compiler would detect the error, it would also cause a panic, which is a bug.
I fixed it by adding a verification before calling the FieldIdx::from_u32(idx) method.
This check ensures that if the idx value is greater than the maximum allowed value, it returns Option::None, similar to how other functions handle errors during the call to the project method of type Value.
diff --git a/compiler/rustc_mir_transform/src/known_panics_lint.rs b/compiler/rustc_mir_transform/src/known_panics_lint.rs
@@ -101,8 +101,14 @@ impl<'tcx> Value<'tcx> {
                 }
                 (PlaceElem::Index(idx), Value::Aggregate { fields, .. }) => {
                     let idx = prop.get_const(idx.into())?.immediate()?;
-                    let idx = prop.ecx.read_target_usize(idx).ok()?;
-                    fields.get(FieldIdx::from_u32(idx.try_into().ok()?)).unwrap_or(&Value::Uninit)
+                    let idx: u32 = prop.ecx.read_target_usize(idx).ok()?.try_into().ok()?;
+
+                    let max: u32 = FieldIdx::MAX.index().try_into().ok()?;
+                    if idx > max {
+                        return None;
+                    }
+
+                    fields.get(FieldIdx::from_u32(idx)).unwrap_or(&Value::Uninit)
                 }
                 (
                     PlaceElem::ConstantIndex { offset, min_length: _, from_end: false },
diff --git a/tests/ui/indexing/index-out-of-bounds-exceeds-max-value-issue-121126.rs b/tests/ui/indexing/index-out-of-bounds-exceeds-max-value-issue-121126.rs
@@ -0,0 +1,13 @@
+// Regression test for #121126. Compiler was panicking when indexing an array
+// with an index that is out of bounds and its value is greater than the max
+// value allowed for an index.
+
+//@ build-fail
+
+fn main() {
+    [0][0xFFFF_FF01];
+//~^ ERROR this operation will panic at runtime [unconditional_panic]
+}
+
+// NOTE: In order for the test to be valid, the index can take on any value
+// between FieldIdx::MAX + 1 (= 0xFFF_FF01) and u32::MAX (= 0xFFF_FFFF)
diff --git a/tests/ui/indexing/index-out-of-bounds-exceeds-max-value-issue-121126.stderr b/tests/ui/indexing/index-out-of-bounds-exceeds-max-value-issue-121126.stderr
@@ -0,0 +1,10 @@
+error: this operation will panic at runtime
+  --> $DIR/issue-121126-index-out-of-bounds-exceeds-max-value.rs:8:5
+   |
+LL |     [0][0xFFFF_FF01];
+   |     ^^^^^^^^^^^^^^^^ index out of bounds: the length is 1 but the index is 4294967041
+   |
+   = note: `#[deny(unconditional_panic)]` on by default
+
+error: aborting due to 1 previous error
+

Original file line number	Diff line number	Diff line change
`@@ -101,8 +101,14 @@ impl<'tcx> Value<'tcx> {`
`101`	`101`	`}`
`102`	`102`	`(PlaceElem::Index(idx), Value::Aggregate { fields, .. }) => {`
`103`	`103`	`let idx = prop.get_const(idx.into())?.immediate()?;`
`104`		`- let idx = prop.ecx.read_target_usize(idx).ok()?;`
`105`		`- fields.get(FieldIdx::from_u32(idx.try_into().ok()?)).unwrap_or(&Value::Uninit)`
	`104`	`+ let idx: u32 = prop.ecx.read_target_usize(idx).ok()?.try_into().ok()?;`
	`105`	`+`
	`106`	`+ let max: u32 = FieldIdx::MAX.index().try_into().ok()?;`
	`107`	`+ if idx > max {`
	`108`	`+ return None;`
	`109`	`+ }`
	`110`	`+`
	`111`	`+ fields.get(FieldIdx::from_u32(idx)).unwrap_or(&Value::Uninit)`
`106`	`112`	`}`
`107`	`113`	`(`
`108`	`114`	`PlaceElem::ConstantIndex { offset, min_length: _, from_end: false },`