[pbs-devel] [PATCH v3 proxmox-backup 1/2] datastore: check for null pointer when allocating DynamicIndexHeader

Robert Obkircher r.obkircher at proxmox.com
Fri Jan 9 18:58:39 CET 2026


Check for allocation failures because creating a Box from a null
pointer is undefined behavior. Call handle_alloc_error to cease
execution, because returning an anyhow error would require further
allocations.

Signed-off-by: Robert Obkircher <r.obkircher at proxmox.com>
---
 pbs-datastore/src/dynamic_index.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/pbs-datastore/src/dynamic_index.rs b/pbs-datastore/src/dynamic_index.rs
index ad49cdf3..12df78b1 100644
--- a/pbs-datastore/src/dynamic_index.rs
+++ b/pbs-datastore/src/dynamic_index.rs
@@ -41,13 +41,20 @@ proxmox_lang::static_assert_size!(DynamicIndexHeader, 4096);
 impl DynamicIndexHeader {
     /// Convenience method to allocate a zero-initialized header struct.
     pub fn zeroed() -> Box<Self> {
+        let layout = std::alloc::Layout::new::<Self>();
         unsafe {
-            Box::from_raw(std::alloc::alloc_zeroed(std::alloc::Layout::new::<Self>()) as *mut Self)
+            let ptr = std::alloc::alloc_zeroed(layout) as *mut Self;
+            if ptr.is_null() {
+                std::alloc::handle_alloc_error(layout);
+            }
+            Box::from_raw(ptr)
         }
     }
 
     pub fn as_bytes(&self) -> &[u8] {
         unsafe {
+            // There can't be any uninitialized padding, because the fields
+            // take up all of the statically asserted total size.
             std::slice::from_raw_parts(
                 self as *const Self as *const u8,
                 std::mem::size_of::<Self>(),
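Review bot: The `unsafe` block in `zeroed()` now spans four lines but still carries no `// SAFETY:` comment stating why `alloc_zeroed` and `Box::from_raw` are sound here. The facts are all on the page: the layout is non-zero-sized because of the `static_assert_size!(DynamicIndexHeader, 4096)` shown in the hunk header (a zero-sized layout would be a precondition violation for `alloc_zeroed`), the null result is diverted to `handle_alloc_error`, and the same `layout` is used for both the allocation and the `Box`, so `Box::from_raw` receives a pointer the global allocator handed out with a matching layout. A comment such as `// SAFETY: Self is 4096 bytes (static_assert_size above), so the layout is non-zero-sized; a null result never reaches from_raw, and the Box is built from the same layout the allocator used.` would make that reasoning checkable at the call site. Whether an all-zero bit pattern is a valid `DynamicIndexHeader` depends on the field types, which are outside the hunk — if any field is a non-zeroable type, that is the one remaining precondition the comment should call out. `as_bytes` continues past the end of the hunk.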
-- 
2.47.3




