add test to make Miri able to detect OOB in memmove

RalfJung · RalfJung · commit 469b91febdd9 · 2025-03-18T21:26:32.000+01:00
diff --git a/src/mem/impls.rs b/src/mem/impls.rs
@@ -58,7 +58,7 @@ unsafe fn load_aligned_partial(src: *const usize, load_sz: usize) -> usize {
             let chunk_sz = core::mem::size_of::<$ty>();
             if (load_sz & chunk_sz) != 0 {
                 // Since we are doing the large reads first, this must still be aligned to `chunk_sz`.
-                *(&raw mut out).byte_add(i).cast::<$ty>() = *src.byte_add(i).cast::<$ty>();
+                *(&raw mut out).wrapping_byte_add(i).cast::<$ty>() = *src.wrapping_byte_add(i).cast::<$ty>();
                 i |= chunk_sz;
             }
         )+};
@@ -91,7 +91,7 @@ unsafe fn load_aligned_end_partial(src: *const usize, load_sz: usize) -> usize {
             if (load_sz & chunk_sz) != 0 {
                 // Since we are doing the small reads first, `start_shift + i` has in the mean
                 // time become aligned to `chunk_sz`.
-                *(&raw mut out).byte_add(start_shift + i).cast::<$ty>() = *src.byte_add(start_shift + i).cast::<$ty>();
+                *(&raw mut out).wrapping_byte_add(start_shift + i).cast::<$ty>() = *src.wrapping_byte_add(start_shift + i).cast::<$ty>();
                 i |= chunk_sz;
             }
         )+};
diff --git a/testcrate/tests/mem.rs b/testcrate/tests/mem.rs
@@ -230,6 +230,27 @@ fn memmove_backward_aligned() {
     }
 }
 
+#[test]
+fn memmove_misaligned_bounds() {
+    // The above test have the downside that the addresses surrounding the range-to-copy are all
+    // still in-bounds, so Miri would not actually complain about OOB accesses. So we also test with
+    // an array that has just the right size. We test a few times to avoid it being accidentally
+    // aligned.
+    for _ in 0..8 {
+        let mut arr = [0u8; 17 + 1];
+        unsafe {
+            // Copy forward...
+            let src = arr.as_ptr().offset(0);
+            let dst = arr.as_mut_ptr().offset(1);
+            assert_eq!(memmove(dst, src, 17), dst);
+            // ... and backward.
+            let src = arr.as_ptr().offset(1);
+            let dst = arr.as_mut_ptr().offset(0);
+            assert_eq!(memmove(dst, src, 17), dst);
+        }
+    }
+}
+
 #[test]
 fn memset_backward_misaligned_nonaligned_start() {
     let mut arr = gen_arr::<32>();
