Write back to the pointer and add a test

Author: LegNeato

src/shims/unix/fs.rs

@@ -1738,7 +1738,9 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         // Get the raw bytes from the template. This is passed to us from `std` as an `OsString`.
         // These bytes represent a string in _target_ OS encoding, which may or may not match
         // the _host_ OS encoding.
-        let template_bytes = this.eval_context_ref().read_c_str(this.read_pointer(template_op)?)?;
+        let template_ptr = this.read_pointer(template_op)?;
+        let mut template = this.eval_context_ref().read_c_str(template_ptr)?.to_owned();
+        let template_bytes = template.as_mut_slice();
 
         // Reject if isolation is enabled.
         if let IsolatedOp::Reject(reject_with) = this.machine.isolated_op {
@@ -1804,13 +1806,16 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             // Generate a random unique suffix.
             let unique_suffix = SUBSTITUTIONS.choose_multiple(&mut rng, 6).collect::<String>();
 
-            // The passed in template encoding may or may not match the host.
-            let mut base = bytes_to_os_str(&template_bytes[..start_pos])?.to_os_string();
+            // Replace the template string with the random string.
+            template_bytes[start_pos..end_pos].copy_from_slice(unique_suffix.as_bytes());
+
+            // Write the modified template back to the passed in pointer to maintain POSIX semantics.
+            this.write_bytes_ptr(template_ptr, template_bytes.to_owned())?;
 
-            // Add the randomly generated suffix to the given static prefix.
-            base.push(unique_suffix);
+            // The passed in template encoding may or may not match the host.
+            let p = bytes_to_os_str(template_bytes)?.to_os_string();
 
-            let possibly_unique = std::env::temp_dir().join::<PathBuf>(base.into());
+            let possibly_unique = std::env::temp_dir().join::<PathBuf>(p.into());
 
             let file = fopts.open(&possibly_unique);
 

tests/fail/fs/mkstemp_immutable_arg.rs

@@ -0,0 +1,15 @@
+//@ignore-windows: No libc on Windows
+//@compile-flags: -Zmiri-disable-isolation
+
+#![feature(rustc_private)]
+
+extern crate libc;
+
+fn main() {
+    test_mkstemp_immutable_arg();
+}
+
+fn test_mkstemp_immutable_arg() {
+    let s: *mut libc::c_char = b"fooXXXXXX\0" as *const _ as *mut _;
+    let _fd = unsafe { libc::mkstemp(s) }; //~ ERROR: Undefined Behavior: writing to alloc1 which is read-only
+}

tests/fail/fs/mkstemp_immutable_arg.stderr

@@ -0,0 +1,20 @@
+error: Undefined Behavior: writing to ALLOC which is read-only
+  --> $DIR/mkstemp_immutable_arg.rs:LL:CC
+   |
+LL |     let _fd = unsafe { libc::mkstemp(s) };
+   |                        ^^^^^^^^^^^^^^^^ writing to ALLOC which is read-only
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+   = note: backtrace:
+   = note: inside `test_mkstemp_immutable_arg` at $DIR/mkstemp_immutable_arg.rs:LL:CC
+note: inside `main` at $DIR/mkstemp_immutable_arg.rs:LL:CC
+  --> $DIR/mkstemp_immutable_arg.rs:LL:CC
+   |
+LL |     test_mkstemp_immutable_arg();
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to previous error
+