Closed
Description
It looks like Generic Associated Types aren't validated on whether the specified type on the impl-side indeed implements the traits as written down in the definition of the associated type.
The following program shows a use-after-free of a String:
#![feature(generic_associated_types)]
trait UnsafeCopy {
type Item<'a>: Copy;
fn copy<'a>(item: &Self::Item<'a>) -> Self::Item<'a> {
*item
}
}
impl <T> UnsafeCopy for T {
type Item<'a> = T;
}
fn main() {
let mut s = String::from("Hello world!");
let copy = String::copy(&s);
// Do we indeed point to the samme memory?
assert!(s.as_ptr() == copy.as_ptr());
// Any use of `copy` is certeinly UB after this
drop(s);
// UB UB UB UB UB!!
println!("{}", copy);
}Metadata
Metadata
Assignees
Labels
Area: Generic associated types (GATs)Category: This is a bug.`#![feature(generic_associated_types)]` a.k.a. GATsIssue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/SoundnessRelevant to the compiler team, which will review and decide on the PR/issue.This issue requires a nightly compiler in some way.