Not necessarily safe #1
Comments
Well, it's as safe as the data you feed to it and that looks like you're making a null pointer.
Also, there's no mention of safety anywhere in the docs, just "checked" and "guarded".
You've defined
... which should be impossible in safe code. If I can use your API to dereference a null pointer without ever using
See updated documentation in referenced commit
I'm afraid the updated documentation is incorrect. You can read about what it means to be unsafe in Rust here.
Good point, so to-do list:
You can't just deny
Now I can do And I'm pretty sure your problems aren't limited to pointers either. What about this?
Then you could do I bet there are more problems too. I think your idea with adding extra checks is a good thing, but I don't really see how you can make an API like this generally safe.
You're right :v
Unfortunately, the API exposed here is most definitely not safe. This program (on x86_64) produces a seg fault, yet there is no unsafe. Therefore, guarded_transmute needs to be labeled as an unsafe function.
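The thread's core point is that a safe function which reinterprets caller-supplied bytes as an arbitrary T lets safe code build invalid values (a null reference, an out-of-range bool or enum), so either the function is marked unsafe or T is restricted to types for which every bit pattern is valid. The following is an added example of the second option, written for this discussion and not code from the crate or its author; the AnyBitPattern trait, the Header struct, the Aligned8 buffer and the error type are all hypothetical names chosen here. The size and alignment checks are the "guards"; the trait bound is what makes the signature honest.

```rust
use std::mem::{align_of, size_of};

/// Marker for types where *every* bit pattern is a valid value (hypothetical
/// trait for this example). Implementing it is `unsafe` because the
/// implementor, not the compiler, vouches for that property. It is deliberately
/// not implemented for bool, char, references, raw pointers, enums or anything
/// with padding: those are the types for which reinterpreting arbitrary bytes
/// in safe code can crash the program or trigger undefined behaviour.
pub unsafe trait AnyBitPattern: Copy {}

unsafe impl AnyBitPattern for u8 {}
unsafe impl AnyBitPattern for u16 {}
unsafe impl AnyBitPattern for u32 {}
unsafe impl AnyBitPattern for u64 {}
unsafe impl AnyBitPattern for i32 {}
unsafe impl AnyBitPattern for i64 {}

/// Constructed binary header: two u32 fields, repr(C), no padding, so the impl
/// below upholds the trait's contract.
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Header {
    pub tag: u32,
    pub len: u32,
}
unsafe impl AnyBitPattern for Header {}

/// 8-byte aligned scratch buffer, used to show the alignment check.
#[repr(C, align(8))]
pub struct Aligned8(pub [u8; 16]);

#[derive(Debug, PartialEq)]
pub enum TransmuteError {
    WrongSize { expected: usize, got: usize },
    Misaligned { required: usize },
}

/// Reinterpret a byte slice as one T by value. Only the length must match;
/// the copy uses read_unaligned, so the input's alignment is irrelevant.
/// The AnyBitPattern bound is what allows this to be a safe fn.
pub fn guarded_transmute<T: AnyBitPattern>(bytes: &[u8]) -> Result<T, TransmuteError> {
    if bytes.len() != size_of::<T>() {
        return Err(TransmuteError::WrongSize { expected: size_of::<T>(), got: bytes.len() });
    }
    // SAFETY: length checked above; T: AnyBitPattern means any bytes are a
    // valid T; read_unaligned tolerates any alignment of `bytes`.
    Ok(unsafe { std::ptr::read_unaligned(bytes.as_ptr() as *const T) })
}

/// Borrow a byte slice as &[T] without copying. Here alignment *does* matter,
/// because the returned reference points into the caller's buffer.
pub fn guarded_transmute_slice<T: AnyBitPattern>(bytes: &[u8]) -> Result<&[T], TransmuteError> {
    let size = size_of::<T>();
    if size == 0 || bytes.len() % size != 0 {
        return Err(TransmuteError::WrongSize { expected: size, got: bytes.len() });
    }
    if (bytes.as_ptr() as usize) % align_of::<T>() != 0 {
        return Err(TransmuteError::Misaligned { required: align_of::<T>() });
    }
    // SAFETY: length is a multiple of size_of::<T>(), the pointer is aligned,
    // and every bit pattern is a valid T, so the view is sound for the slice's
    // lifetime (the returned slice borrows `bytes`).
    Ok(unsafe { std::slice::from_raw_parts(bytes.as_ptr() as *const T, bytes.len() / size) })
}

fn main() {
    // Constructed input: a header encoded in native byte order.
    let mut bytes = Vec::new();
    bytes.extend_from_slice(&1u32.to_ne_bytes());
    bytes.extend_from_slice(&8u32.to_ne_bytes());
    println!("{:?}", guarded_transmute::<Header>(&bytes));
    println!("{:?}", guarded_transmute::<u32>(&bytes[..3]));
    // guarded_transmute::<bool>(&[2]) or guarded_transmute::<&u8>(&[0; 8]) do
    // not compile: bool and &u8 are not AnyBitPattern, which is the point.
}
```

With this shape, the bad cases raised in the thread become compile errors rather than runtime crashes, and the remaining unsafe blocks are local, commented, and justified by the checks directly above them. The slice variant shows that "checked" has to mean alignment as well as length once a reference into the original buffer is handed back.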