From cf9a59fdc4eab464f24808381dd6425aa9e96571 Mon Sep 17 00:00:00 2001
From: Cassie Jones <code@witchoflight.com>
Date: Fri, 1 Jan 2021 21:12:48 -0500
Subject: [PATCH] [rt] Make Obj variant padding explicit

This is motivated by concern about UB from accessing the ObjHeader in
the Obj union. More concretely, modifications to an ObjHeader may modify
the implicit padding in the struct, breaking fields that were inside the
padding on the underlying object. Having mismatched integer types in the
header prefix should be fine since Rust's unions seem to consider this
sort of punning acceptable as long as there are valid values for the
fields.
---
 rt/src/lib.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rt/src/lib.rs b/rt/src/lib.rs
index 2ca7986..adc36f6 100644
--- a/rt/src/lib.rs
+++ b/rt/src/lib.rs
@@ -22,12 +22,14 @@ pub enum ObjTag {
 #[repr(C)]
 pub struct ObjHeader {
     tag: ObjTag,
+    _pad: [u8; 3],
     rc: AtomicU32,
 }
 
 #[repr(C)]
 pub struct ObjInt {
     tag: ObjTag,
+    _pad: [u8; 3],
     rc: AtomicU32,
     value: i64,
 }
@@ -35,6 +37,7 @@ pub struct ObjInt {
 #[repr(C)]
 pub struct ObjLam {
     tag: ObjTag,
+    _pad: [u8; 1],
     upvars: u16,
     rc: AtomicU32,
     func: extern "C" fn(&ObjLam) -> Obj,
@@ -104,6 +107,7 @@ pub unsafe extern "C" fn ivy_make_lam(func: extern "C" fn(&ObjLam) -> Obj, param
     let box_lam = sys::malloc(size) as *mut ObjLam;
     box_lam.write(ObjLam {
         tag: ObjTag::Lam,
+        _pad: [0; 1],
         upvars,
         rc: AtomicU32::new(0),
         func,
-- 
2.43.2