Zellic assessment report: Pinocchio and p-token (Low findings)
Category: Coding Mistakes

Missing alignment safety message

Low Impact
Low Severity
Low Likelihood

Description

The safety comment for InstructionContext::new_unchecked reads as follows:

/// Creates a new [`InstructionContext`] for the input buffer.
///
/// # Safety
///
/// The caller must ensure that the input buffer is valid, i.e., it represents
/// the program input parameters serialized by the SVM loader.
#[inline(always)]
pub unsafe fn new_unchecked(input: *mut u8) -> Self {
    Self {
        // SAFETY: The first 8 bytes of the input buffer represent the
        // number of accounts when serialized by the SVM loader, which is read
        // when the context is created.
        buffer: unsafe { input.add(core::mem::size_of::<u64>()) },
        // SAFETY: Read the number of accounts from the input buffer serialized
        // by the SVM loader.
        remaining: unsafe { *(input as *const u64) },
    }
}

The comment only states that the caller must ensure the input buffer is valid. To increase clarity, we suggest stating explicitly that the buffer must be eight-byte aligned. The cast from *mut u8 to *const u64 is always permitted by itself, but the dereference that follows it, *(input as *const u64), is undefined behavior whenever the address is not a multiple of eight. A caller who obtains the buffer from something other than the SVM loader (a test or a fuzzing harness, for example) cannot infer this requirement from the current wording.
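The following is an added example written for this report page, not code from Pinocchio or p-token. It shows the alignment check the safety comment should spell out, a reader that mirrors the cast-then-dereference in new_unchecked guarded by a debug assertion, and an alternative reader based on core::ptr::read_unaligned that has no alignment requirement at all. The function names, the Buffer wrapper and the 24-byte sample buffer (with a count of 3 at an aligned offset and a count of 7 at an unaligned one) are constructed for the example.

```rust
use core::mem::align_of;
use core::ptr;

/// The check the safety comment should make explicit: dereferencing a
/// `*const u64` is only defined when the address is a multiple of 8.
pub fn is_u64_aligned(input: *const u8) -> bool {
    (input as usize) % align_of::<u64>() == 0
}

/// Mirrors what `new_unchecked` does: cast the pointer, then dereference it.
///
/// # Safety
/// `input` must point to at least 8 readable bytes AND be 8-byte aligned.
/// Violating the alignment requirement is undefined behaviour, not a panic.
pub unsafe fn read_count_aligned(input: *const u8) -> u64 {
    // Cheap guard for debug builds; release builds still rely on the caller.
    debug_assert!(is_u64_aligned(input), "input buffer is not 8-byte aligned");
    // The SVM loader serializes little-endian; `from_le` is a no-op on LE hosts.
    u64::from_le(unsafe { *(input as *const u64) })
}

/// Alternative that drops the alignment requirement: `read_unaligned` copies
/// the 8 bytes without assuming anything about the address.
///
/// # Safety
/// `input` must point to at least 8 readable bytes.
pub unsafe fn read_count_unaligned(input: *const u8) -> u64 {
    u64::from_le(unsafe { ptr::read_unaligned(input as *const u64) })
}

/// Constructed sample buffer (not real loader output). The wrapper forces the
/// array to start on an 8-byte boundary so the offsets below are predictable.
#[repr(C, align(8))]
pub struct Buffer(pub [u8; 24]);

pub fn sample_buffer() -> Buffer {
    let mut raw = [0u8; 24];
    raw[0..8].copy_from_slice(&3u64.to_le_bytes()); // count 3 at an aligned offset
    raw[9..17].copy_from_slice(&7u64.to_le_bytes()); // count 7 at an unaligned offset
    Buffer(raw)
}

/// Exercises both readers. Returns
/// (base aligned?, base+9 aligned?, count read at base, count read at base+9).
pub fn demo() -> (bool, bool, u64, u64) {
    let buf = sample_buffer();
    let base = buf.0.as_ptr();
    // Nine bytes in: within bounds, but never a multiple of 8.
    let odd = unsafe { base.add(9) };
    let aligned_read = unsafe { read_count_aligned(base) };
    // `read_count_aligned(odd)` would be UB (and trips the debug_assert);
    // the unaligned reader is the only sound way to read this word.
    let unaligned_read = unsafe { read_count_unaligned(odd) };
    (
        is_u64_aligned(base),
        is_u64_aligned(odd),
        aligned_read,
        unaligned_read,
    )
}

fn main() {
    let (base_ok, odd_ok, aligned_read, unaligned_read) = demo();
    println!("base aligned: {base_ok}, base+9 aligned: {odd_ok}");
    println!("count at base: {aligned_read}, count at base+9: {unaligned_read}");
}
```

The debug assertion documents the contract in executable form but does nothing in release builds, so it complements rather than replaces a precise # Safety comment; read_unaligned is the option to reach for when a call site cannot prove alignment.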

Impact

While the safety comment asks the caller to ensure the input buffer is valid, it does not define what validity means here. Alignment is the requirement a caller is most likely to overlook, and violating it is undefined behavior rather than a checked error, so the omission matters even though the code itself is correct for loader-provided input.

Recommendations

We recommend extending the # Safety section to state that the input pointer must be eight-byte aligned, in addition to pointing at a buffer serialized by the SVM loader. If alignment cannot be guaranteed at every call site, reading the account count with core::ptr::read_unaligned removes the requirement altogether.

Remediation

Zellic © 2025