safe transmute: require that src referent is smaller than dst

The source referent absolutely must be smaller than the destination referent of a ref-to-ref transmute; the excess bytes referenced cannot arise from thin air, even if those bytes are uninitialized.
2024-03-13 00:11:36 +00:00 · 2024-03-13 00:11:36 +00:00 · 216df4a8e6
commit 216df4a8e6
parent a165f1f650
8 changed files with 122 additions and 5 deletions
--- a/compiler/rustc_transmute/src/maybe_transmutable/mod.rs
+++ b/compiler/rustc_transmute/src/maybe_transmutable/mod.rs
@ -266,6 +266,11 @@ where
                                                src_min_align: src_ref.min_align(),
                                                dst_min_align: dst_ref.min_align(),
                                            })
+                                        } else if dst_ref.size() > src_ref.size() {
+                                            Answer::No(Reason::DstRefIsTooBig {
+                                                src: src_ref,
+                                                dst: dst_ref,
+                                            })
                                        } else {
                                            // ...such that `src` is transmutable into `dst`, if
                                            // `src_ref` is transmutability into `dst_ref`.