.

Author: brson

src/memcpy/memcpy.rs

@@ -3,10 +3,26 @@
 
 use cfg_if::cfg_if;
 
-pub mod memcpy_trivial;
-
+/// The type signature of a `memcpy` function
 pub type Memcpy = unsafe fn(dst: *mut u8, src: *const u8, bytes: usize);
 
-pub static ALL_MEMCPYS: &[Memcpy] = &[
+/// Assert the arguments of `memcpy` are correct
+fn memcpy_assert(dst: *mut u8, src: *const u8, bytes: usize) {
+    let src_before_dst = (src as usize + bytes) <= dst as usize;
+    let dst_before_src = (dst as usize + bytes) <= src as usize;
+    let buffers_do_not_overlap = src_before_dst || dst_before_src;
+    debug_assert!(buffers_do_not_overlap);
+
+    // Buffers larger than isize::max_value are bogus.
+    // See https://doc.rust-lang.org/std/primitive.pointer.html#method.offset
+
+    let size_fits_in_signed_offset = bytes <= isize::max_value() as usize;
+    debug_assert!(size_fits_in_signed_offset);
+}
+
+pub mod memcpy_trivial;
+
+/// Ensure sure all implementations have the same type
+static ALL_MEMCPYS: &[Memcpy] = &[
     memcpy_trivial::memcpy,
 ];

src/memcpy/memcpy_trivial.rs

@@ -1,4 +1,6 @@
 pub unsafe fn memcpy(dst: *mut u8, src: *const u8, bytes: usize) {
+    crate::memcpy_assert(dst, src, bytes);
+
     for i in 0..bytes {
         let dst_byte = dst.add(i);
         let src_byte = src.add(i);