Memory-safety of instances exported by Data.Array.Byte
Summary
The current version of `Data.Array.Byte`, which is presumably on its way to inclusion in a future `base` release, is marked as `Trustworthy`. But due to the possibility of `Int` overflow in size-related calculations, it is possible for `mconcat` and `stimes` to attempt to write huge amounts of out-of-bounds data given the wrong inputs, and it may be possible for `(<>)` to do so as well with certain extraordinarily unreasonable inputs. Such memory-unsafety should not be achievable using the exports from a `Trustworthy` module in `base`.
Proposed improvements or changes
My preference would be for `appendByteArray`, `concatByteArray`, `replicateByteArray`, and `stimes` to check their internal size-related arithmetic for overflow and throw an exception in these cases. However, it may also be acceptable to keep the current behavior but mark the module as `Unsafe` and attach some scary-looking documentation to the `Semigroup` and `Monoid` instances.
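The following is an added illustration of the first option (checked size arithmetic), written for this note and not code from the issue author or from `base`. The names `checkedMul`, `checkedSum` and `SizeOverflow` are hypothetical; the point is the shape of the check that a `replicateByteArray`/`stimes` multiplication and a `concatByteArray`/`mconcat` summation would need before the resulting length is handed to an allocation or copy primitive. The `main` shows, on a 64-bit `Int`, how the unchecked product silently wraps to a negative value while the checked version raises instead.

```haskell
module CheckedSize (checkedMul, checkedSum, SizeOverflow (..), main) where

import Control.Exception (Exception, evaluate, throw, try)
import Data.Foldable (foldl')

-- Hypothetical exception type for a size that does not fit in Int
-- (assumption: base would pick its own name and type here).
newtype SizeOverflow = SizeOverflow String
  deriving Show

instance Exception SizeOverflow

-- | Multiply a repeat count by an element length, refusing any product
-- that would not fit in Int. If n > maxBound `div` len then
-- n * len > maxBound, so the guard is exact for non-negative inputs.
-- This is the check a replicate / stimes would run before allocating.
checkedMul :: Int -> Int -> Int
checkedMul n len
  | n < 0 || len < 0    = throw (SizeOverflow "negative size")
  | n == 0 || len == 0  = 0
  | n > maxBound `div` len =
      throw (SizeOverflow ("overflow: " ++ show n ++ " * " ++ show len))
  | otherwise           = n * len

-- | Sum a list of lengths, refusing a running total that would wrap.
-- This is the check a concat / mconcat would run before allocating the
-- destination and copying each input into it.
checkedSum :: [Int] -> Int
checkedSum = foldl' step 0
  where
    step acc l
      | l < 0             = throw (SizeOverflow "negative size")
      | acc > maxBound - l = throw (SizeOverflow "overflow in total length")
      | otherwise         = acc + l

main :: IO ()
main = do
  -- Constructed input: 2^62 on a 64-bit Int, so doubling it overflows.
  let n = maxBound `div` 2 + 1 :: Int
  -- Unchecked: wraps to minBound (negative) with no error; a length
  -- computed this way is exactly what must never reach an allocator.
  print (n * 2)
  -- Checked: the same arithmetic is rejected before any memory is touched.
  r <- try (evaluate (checkedMul n 2)) :: IO (Either SizeOverflow Int)
  print r
  -- Ordinary inputs pass through unchanged.
  print (checkedSum [10, 20, 30])
  s <- try (evaluate (checkedSum [maxBound, 1])) :: IO (Either SizeOverflow Int)
  print s
```

The guards are written in terms of `maxBound` rather than by computing the product and testing its sign, because a wrapped product can land on any value, positive included, so a sign test alone is not a reliable overflow check.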