From 272e0db81c8935cb3308cd3963056f1639f57c18 Mon Sep 17 00:00:00 2001 From: Sewer56 Date: Fri, 27 Feb 2026 21:54:04 +0000 Subject: [PATCH] Fixed: Remove UB-prone uninit slice cast in blocking webfetch Use an initialized [0u8; 8192] stack buffer in the blocking read loop instead of casting MaybeUninit memory to [u8]. This removes UB risk while preserving chunked reads and size checks. --- .../src/tools/webfetch/blocking_impl.rs | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/src/llm-coding-tools-core/src/tools/webfetch/blocking_impl.rs b/src/llm-coding-tools-core/src/tools/webfetch/blocking_impl.rs index 843d26fc..6d8c06d1 100644 --- a/src/llm-coding-tools-core/src/tools/webfetch/blocking_impl.rs +++ b/src/llm-coding-tools-core/src/tools/webfetch/blocking_impl.rs @@ -3,7 +3,6 @@ use super::{categorize_reqwest_error, check_size, process_content, WebFetchOutput}; use crate::error::{ToolError, ToolResult}; use std::io::Read; -use std::mem::MaybeUninit; use std::time::Duration; /// Fetches content from a URL and returns processed content. @@ -53,24 +52,18 @@ pub fn fetch_url( // Stream response body with incremental size checks to avoid memory exhaustion let mut bytes = content_length.map_or_else(Vec::new, Vec::with_capacity); let mut total_len: usize = 0; - let mut buffer = [MaybeUninit::::uninit(); 8192]; - let buffer_ptr = buffer.as_mut_ptr() as *mut u8; - let buffer_len = buffer.len(); + let mut buffer = [0u8; 8192]; loop { - let n = { - let buf = unsafe { std::slice::from_raw_parts_mut(buffer_ptr, buffer_len) }; - response - .read(buf) - .map_err(|e| ToolError::Http(e.to_string()))? - }; + let n = response + .read(&mut buffer) + .map_err(|e| ToolError::Http(e.to_string()))?; if n == 0 { break; } total_len += n; check_size(total_len, url)?; - let initialized = unsafe { std::slice::from_raw_parts(buffer_ptr, n) }; - bytes.extend_from_slice(initialized); + bytes.extend_from_slice(&buffer[..n]); } let byte_length = total_len;