A while ago I found two vulnerabilities in real-world Rust code. People were hand-rolling unsafe code because there was no safe, efficient way to append the contents of a vector to itself, and getting it wrong. Back then I opened a pre-RFC for a safe abstraction that would allow doing that safely. That resulted in some discussion and prototyping, and even the discovery of a vulnerability in stdlib, now known as CVE-2018-1000810.
Recently I found yet another occurrence of the same problem, and that motivated me to finish what I had started. I have now opened a proper RFC with a minimum viable abstraction for doing this safely: https://github.com/rust-lang/rfcs/pull/2714
Right now I'm going for the minimum viable fix for the problem, which is much simpler than my original idea. I feel there is potential for a more general abstraction that would solve even more issues, but it would take a long time to design and implement.
P.S. I would have posted this on the pre-RFC thread, but it’s now locked due to 90 days of inactivity. What’s up with that?
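To make the problem concrete, here is an added example that is not part of the post or the RFC. The naive `v.extend_from_slice(&v)` is rejected by the borrow checker because it borrows `v` mutably and immutably at once, which is what pushed people toward hand-written raw-pointer code. The example shows three safe alternatives: `Vec::extend_from_within`, the std method this RFC led to (assumed available, it is stable since Rust 1.53), a portable index-based fallback that works on any toolchain, and an in-place repeat that computes the final length with checked arithmetic so an oversized request is reported rather than silently wrapping. All function names are the example's own.

```rust
// Added example (not from the post or RFC 2714): safe ways to append a
// vector's contents to itself, with no `unsafe` block anywhere.

/// Safe and efficient: `Vec::extend_from_within` (std since Rust 1.53) copies
/// a range of the vector onto its own end after a single reserve.
pub fn double_in_place<T: Clone>(v: &mut Vec<T>) {
    v.extend_from_within(..);
}

/// Safe fallback for any toolchain: reserve once, then clone element by
/// element through indices. Binding the clone to `x` ends the shared borrow
/// before `push` takes the mutable one, so the borrow checker accepts it.
pub fn double_in_place_portable<T: Clone>(v: &mut Vec<T>) {
    let n = v.len();
    v.reserve(n);
    for i in 0..n {
        let x = v[i].clone();
        v.push(x);
    }
}

/// Repeat the current contents so the vector holds `times` copies in total
/// (`times == 1` is a no-op, `times == 0` empties it). The final length is
/// computed with `checked_mul`, so a request that would overflow `usize`
/// is reported instead of wrapping into a buffer that is too small.
pub fn repeat_in_place<T: Clone>(v: &mut Vec<T>, times: usize) -> Result<(), &'static str> {
    if times == 0 {
        v.clear();
        return Ok(());
    }
    let n = v.len();
    let final_len = n.checked_mul(times).ok_or("length overflow")?;
    v.reserve(final_len - n);
    for _ in 1..times {
        // Only the original prefix is copied each round, so the result is
        // exactly `times` copies rather than a doubling cascade.
        v.extend_from_within(..n);
    }
    Ok(())
}

fn main() {
    let mut v = vec![1u8, 2, 3];
    double_in_place(&mut v);
    println!("{:?}", v); // [1, 2, 3, 1, 2, 3]

    let mut s = vec!["a".to_string(), "b".to_string()];
    double_in_place_portable(&mut s);
    println!("{:?}", s); // ["a", "b", "a", "b"]

    let mut r = vec![7u32];
    repeat_in_place(&mut r, 4).unwrap();
    println!("{:?}", r); // [7, 7, 7, 7]

    // Oversized request is rejected instead of wrapping the length.
    println!("{:?}", repeat_in_place(&mut r, usize::MAX)); // Err("length overflow")
}
```

The portable version costs one bounds check per element; `extend_from_within` avoids that and is the one to reach for on a current toolchain. Either way the reserve happens up front, so the loop never reallocates mid-copy.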