add test to make Miri able to detect OOB in memmove

RalfJung · RalfJung · commit 9a511097ab5e · 2025-03-18T23:16:50.000+01:00
diff --git a/src/mem/impls.rs b/src/mem/impls.rs
@@ -54,7 +54,7 @@ unsafe fn load_aligned_partial(src: *const usize, load_sz: usize) -> usize {
             let chunk_sz = core::mem::size_of::<$ty>();
             if (load_sz & chunk_sz) != 0 {
                 // Since we are doing the large reads first, this must still be aligned to `chunk_sz`.
-                *(&raw mut out).byte_add(i).cast::<$ty>() = *src.byte_add(i).cast::<$ty>();
+                *(&raw mut out).wrapping_byte_add(i).cast::<$ty>() = *src.wrapping_byte_add(i).cast::<$ty>();
                 i |= chunk_sz;
             }
         )+};
@@ -83,7 +83,7 @@ unsafe fn load_aligned_end_partial(src: *const usize, load_sz: usize) -> usize {
             if (load_sz & chunk_sz) != 0 {
                 // Since we are doing the small reads first, `start_shift + i` has in the mean
                 // time become aligned to `chunk_sz`.
-                *(&raw mut out).byte_add(start_shift + i).cast::<$ty>() = *src.byte_add(start_shift + i).cast::<$ty>();
+                *(&raw mut out).wrapping_byte_add(start_shift + i).cast::<$ty>() = *src.wrapping_byte_add(start_shift + i).cast::<$ty>();
                 i |= chunk_sz;
             }
         )+};
@@ -137,7 +137,7 @@ pub unsafe fn copy_forward(mut dest: *mut u8, mut src: *const u8, mut n: usize)
         let shift = offset * 8;
 
         // Realign src
-        let mut src_aligned = src.byte_sub(offset) as *mut usize;
+        let mut src_aligned = src.wrapping_byte_sub(offset) as *mut usize;
         let mut prev_word = load_aligned_end_partial(src_aligned, WORD_SIZE - offset);
 
         while dest_usize.wrapping_add(1) < dest_end {
@@ -249,7 +249,7 @@ pub unsafe fn copy_backward(dest: *mut u8, src: *const u8, mut n: usize) {
         let shift = offset * 8;
 
         // Realign src
-        let mut src_aligned = src.byte_sub(offset) as *mut usize;
+        let mut src_aligned = src.wrapping_byte_sub(offset) as *mut usize;
         let mut prev_word = load_aligned_partial(src_aligned, offset);
 
         while dest_start.wrapping_add(1) < dest_usize {
diff --git a/testcrate/tests/mem.rs b/testcrate/tests/mem.rs
@@ -230,6 +230,23 @@ fn memmove_backward_aligned() {
     }
 }
 
+#[test]
+fn memmove_misaligned_bounds() {
+    // The above test have the downside that the addresses surrounding the range-to-copy are all
+    // still in-bounds, so Miri would not actually complain about OOB accesses. So we also test with
+    // an array that has just the right size. We test a few times to avoid it being accidentally
+    // aligned.
+    for _ in 0..8 {
+        let mut arr1 = [0u8; 17];
+        let mut arr2 = [0u8; 17];
+        unsafe {
+            // Copy both ways so we hit both the forward and backward cases.
+            memmove(arr1.as_mut_ptr(), arr2.as_mut_ptr(), 17);
+            memmove(arr2.as_mut_ptr(), arr1.as_mut_ptr(), 17);
+        }
+    }
+}
+
 #[test]
 fn memset_backward_misaligned_nonaligned_start() {
     let mut arr = gen_arr::<32>();
