Hi!
We are a team of researchers studying the memory safety problem in Rust. As part of our ongoing research, we performed random testing on arrow-buffer (version: 57.2.0) and found that the following code snippet is reported as undefined behavior by Miri:
Describe the bug
```rust
#![feature(allocator_api)]
use arrow_buffer::*;

fn main() {
    let v6 = [112, -26, -47];
    // A Vec<i32> allocation is only guaranteed to be 4-byte aligned.
    let v7 = Vec::from(v6);
    let mut v8 = <buffer::MutableBuffer as std::convert::From<std::vec::Vec::<i32, std::alloc::Global>>>::from(v7);
    // Wrap the same allocation in a builder typed as i128.
    let v24 = builder::BufferBuilder::<i128>::new_from_buffer(v8);
    let v25: &'_ builder::BufferBuilder::<i128> = &v24;
    // Miri reports the undefined behavior on this call.
    let v26 = builder::BufferBuilder::<i128>::as_slice(v25);
}
```

The error message Miri reports is as follows:
```text
error: Undefined Behavior: constructing invalid value: encountered an unaligned reference (required 16 byte alignment but found 8)
--> /home/chenyl/projects/check_UB/arrow-buffer-57.2.0/src/builder/mod.rs:274:18
|
274 | unsafe { std::slice::from_raw_parts(self.buffer.as_ptr() as _, self.len) }
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: BACKTRACE:
= note: inside `arrow_buffer::BufferBuilder::<i128>::as_slice` at /home/chenyl/projects/check_UB/arrow-buffer-57.2.0/src/builder/mod.rs:274:18: 274:81
note: inside `main`
--> src/main.rs:9:15
|
9 | let v26 = builder::BufferBuilder::<i128>::as_slice(v25);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to 1 previous error; 2 warnings emitted
```

It seems that `as_slice` doesn't check the alignment of the given buffer, thus causing the undefined behaviour.
To Reproduce
- Copy the code snippet.
- Choose the Rust toolchain: nightly-2025-12-06-x86_64-unknown-linux-gnu
- Install Miri and run `cargo miri run`
Expected behavior
There should not be any undefined behaviour.
Additional context
The OS I use is Linux Ubuntu.
We’d appreciate it if you could take a look and confirm whether this behavior indicates a real issue, or if it’s a false positive or an expected limitation of Miri.
Thank you very much!
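
One way to guard a byte-to-`i128` reinterpretation like the one Miri flags above, as an added example that is not part of the original report and is not arrow-buffer's own code: it checks the address alignment and the length before calling `std::slice::from_raw_parts`. `ViewError`, `as_i128_slice`, `Aligned` and `sample` are hypothetical names, and the sample bytes are constructed.

```rust
use std::mem::{align_of, size_of};

#[derive(Debug, PartialEq)]
pub enum ViewError {
    Misaligned { required: usize, found: usize },
    BadLength { len: usize, elem: usize },
}

/// Reinterpret `bytes` as `&[i128]`, returning an error instead of creating
/// an unaligned reference (the condition Miri reports in the issue above).
pub fn as_i128_slice(bytes: &[u8]) -> Result<&[i128], ViewError> {
    let (align, size) = (align_of::<i128>(), size_of::<i128>());
    let addr = bytes.as_ptr() as usize;
    if addr % align != 0 {
        // The largest power of two dividing the address is its real alignment.
        let found = 1usize << addr.trailing_zeros();
        return Err(ViewError::Misaligned { required: align, found });
    }
    if bytes.len() % size != 0 {
        return Err(ViewError::BadLength { len: bytes.len(), elem: size });
    }
    // SAFETY: the pointer is non-null and aligned for i128, the element count
    // stays inside `bytes`, and every bit pattern is a valid i128.
    Ok(unsafe { std::slice::from_raw_parts(bytes.as_ptr().cast::<i128>(), bytes.len() / size) })
}

/// Constructed sample storage, 16-byte aligned so sub-slice offsets are exact.
#[repr(align(16))]
pub struct Aligned(pub [u8; 64]);

/// Three i128 values written at offset 0 (constructed sample data).
pub fn sample() -> Aligned {
    let mut a = Aligned([0u8; 64]);
    for (i, v) in [112i128, -26, -47].iter().enumerate() {
        a.0[i * 16..(i + 1) * 16].copy_from_slice(&v.to_ne_bytes());
    }
    a
}

fn main() {
    let a = sample();
    println!("{:?}", as_i128_slice(&a.0[..48])); // aligned view of the values
    println!("{:?}", as_i128_slice(&a.0[8..56])); // start shifted by 8 bytes
}
```

Running the block under `cargo miri run` exercises the same check Miri applied in the report, since the unaligned case never reaches `from_raw_parts`.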