Possible unsound safe function #1871

@charlesxsh

Hi there,

In crate tract-core, version 0.21.7,
in file /src/ops/cnn/patches.rs:

#[derive(Clone, Debug, PartialEq, Eq)]
pub struct ZoneScanner<'p> {
    pub patch: &'p Patch,
    pub zone: &'p Zone,
    pub output_offset: isize,
    pub output_coords: Box<[usize]>,
    pub input_center_offset: isize,
    pub inner_loop_axis: usize,
    pub inner_loop_len: usize,
    pub inner_loop_output_range: Range<usize>,
    pub inner_loop_output_stride: isize,
    pub inner_loop_input_full_stride: isize,
    pub done: bool,
}

impl<'p> ZoneScanner<'p> {
    ....
    #[inline]
    pub fn next(&mut self) {
        let inner_loop_axis = self.inner_loop_axis;
        unsafe {
            *self.output_coords.get_unchecked_mut(inner_loop_axis) += 1;
    ...

The inner_loop_axis depends on self.inner_loop_axis, which is a public field of ZoneScanner. We can easily have a memory issue by having an invalid inner_loop_axis when dereferencing the result of get_unchecked_mut. In Rust, we should not have a memory issue by merely using a safe function.

Suggestion:

  1. make the field private
  2. add appropriate check before dereferencing.
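
The two suggestions above, as an added example that is not part of the original issue and not tract's code. `PublicScanner` and `PrivateScanner` are hypothetical, reduced stand-ins for `ZoneScanner` that keep only the two fields involved.

```rust
mod scanner {
    /// Suggestion 2: fields stay public, so `next` validates on every call.
    pub struct PublicScanner {
        pub output_coords: Box<[usize]>,
        pub inner_loop_axis: usize,
    }
    impl PublicScanner {
        /// Checked access: a bad axis yields Err instead of an out-of-bounds write.
        pub fn next(&mut self) -> Result<(), String> {
            let (axis, len) = (self.inner_loop_axis, self.output_coords.len());
            let c = self.output_coords.get_mut(axis)
                .ok_or_else(|| format!("axis {axis} out of range for {len} coords"))?;
            *c += 1;
            Ok(())
        }
    }

    /// Suggestion 1: private fields; the constructor establishes axis < len.
    pub struct PrivateScanner {
        output_coords: Box<[usize]>,
        inner_loop_axis: usize,
    }
    impl PrivateScanner {
        pub fn new(rank: usize, inner_loop_axis: usize) -> Option<Self> {
            if inner_loop_axis >= rank {
                return None;
            }
            Some(Self { output_coords: vec![0usize; rank].into_boxed_slice(), inner_loop_axis })
        }
        #[inline]
        pub fn next(&mut self) {
            // SAFETY: `new` checked inner_loop_axis < output_coords.len(), and
            // neither field can be modified from outside this module.
            unsafe { *self.output_coords.get_unchecked_mut(self.inner_loop_axis) += 1; }
        }
        pub fn coords(&self) -> &[usize] {
            &self.output_coords
        }
    }
}

fn main() {
    let coords = vec![0usize; 3].into_boxed_slice(); // constructed sample input
    let mut a = scanner::PublicScanner { output_coords: coords, inner_loop_axis: 1 };
    a.inner_loop_axis = 7; // safe code can still set an invalid axis...
    println!("{:?}", a.next()); // ...but the call now returns Err
    let mut b = scanner::PrivateScanner::new(3, 1).expect("valid axis");
    b.next();
    println!("{:?}", b.coords());
}
```

The private-field variant keeps the unchecked access on the hot path, and the `SAFETY` comment records the invariant that makes it sound.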
