Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document explicitly that Weak::from_raw(ptr::null()) is ub #114525

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+31 −6
Open

Document explicitly that Weak::from_raw(ptr::null()) is ub #114525

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
26 changes: 22 additions & 4 deletions library/alloc/src/rc.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2776,8 +2776,16 @@ impl<T: ?Sized> Weak<T> {
///
/// # Safety
///
/// The pointer must have originated from the [`into_raw`] and must still own its potential
/// weak reference, and `ptr` must point to a block of memory allocated by the global allocator.
/// The pointer must have originated from the [`into_raw`] or [`into_raw_and_alloc`] functions
/// and must still own its potential weak reference, and `ptr` must point to a block of
/// memory allocated by `alloc`.
///
/// Note that `from_raw` expects values that actually originated from a call to one of these
/// functions and have not been used with `from_raw` yet, not what these functions can maybe
/// return, or are documented to potentially return.
/// For example, [`into_raw`] can return dangling pointers, but this doesn't allow you to create
/// a dangling pointer yourself and pass it to `from_raw`. Even if it has the same address
/// as a pointer created by [`into_raw`], use [`Weak::new`] instead.
Comment on lines +2787 to +2788
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// a dangling pointer yourself and pass it to `from_raw`. Even if it has the same address
/// as a pointer created by [`into_raw`], use [`Weak::new`] instead.
/// a dangling pointer yourself and pass it to `from_raw`, even if it has the same address
/// as a pointer created by [`into_raw`]. Use [`Weak::new`] instead.

///
/// It is allowed for the strong count to be 0 at the time of calling this. Nevertheless, this
/// takes ownership of one weak reference currently represented as a raw pointer (the weak
Expand Down Expand Up @@ -2806,6 +2814,7 @@ impl<T: ?Sized> Weak<T> {
/// ```
///
/// [`into_raw`]: Weak::into_raw
/// [`into_raw_and_alloc`]: Weak::into_raw_and_alloc
/// [`upgrade`]: Weak::upgrade
/// [`new`]: Weak::new
#[inline]
Expand Down Expand Up @@ -2942,8 +2951,16 @@ impl<T: ?Sized, A: Allocator> Weak<T, A> {
///
/// # Safety
///
/// The pointer must have originated from the [`into_raw`] and must still own its potential
/// weak reference, and `ptr` must point to a block of memory allocated by `alloc`.
/// The pointer must have originated from the [`into_raw`] or [`into_raw_and_alloc`] functions
/// and must still own its potential weak reference, and `ptr` must point to a block of
/// memory allocated by `alloc`.
///
/// Note that `from_raw` expects values that actually originated from a call to one of these
/// functions and have not been used with `from_raw` yet, not what these functions can maybe
/// return, or are documented to potentially return.
/// For example, [`into_raw`] can return dangling pointers, but this doesn't allow you to create
/// a dangling pointer yourself and pass it to `from_raw`. Even if it has the same address
/// as a pointer created by [`into_raw`], use [`Weak::new`] instead.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same diff as above

///
/// It is allowed for the strong count to be 0 at the time of calling this. Nevertheless, this
/// takes ownership of one weak reference currently represented as a raw pointer (the weak
Expand Down Expand Up @@ -2972,6 +2989,7 @@ impl<T: ?Sized, A: Allocator> Weak<T, A> {
/// ```
///
/// [`into_raw`]: Weak::into_raw
/// [`into_raw_and_alloc`]: Weak::into_raw_and_alloc
/// [`upgrade`]: Weak::upgrade
/// [`new`]: Weak::new
#[inline]
Expand Down
11 changes: 9 additions & 2 deletions library/alloc/src/sync.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2686,8 +2686,15 @@ impl<T: ?Sized, A: Allocator> Weak<T, A> {
///
/// # Safety
///
/// The pointer must have originated from the [`into_raw`] and must still own its potential
/// weak reference, and must point to a block of memory allocated by `alloc`.
/// The pointer must have originated from the [`into_raw`] function and must still own its
/// potential weak reference, and must point to a block of memory allocated by `alloc`.
///
/// Note that `from_raw_in` expects values that actually originated from a call to [`into_raw`]
/// and have not been used with `from_raw` yet, not what [`into_raw`] can maybe return,
/// or is documented to potentially return.
/// For example, [`into_raw`] can return dangling pointers, but this doesn't allow you to create
/// a dangling pointer yourself and pass it to `from_raw`. Even if it has the same address
/// as a pointer created by [`into_raw`], use [`Weak::new`] instead.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and yet another time

///
/// It is allowed for the strong count to be 0 at the time of calling this. Nevertheless, this
/// takes ownership of one weak reference currently represented as a raw pointer (the weak
Expand Down