In this commit we also add todo and warning to avoid using them +
remove them in future.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@xxxxxxxxxxxxx>
---
src/lib.rs | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/lib.rs b/src/lib.rs
index 77bf4a9..64d49cd 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -99,12 +99,31 @@ macro_rules! c_chars_to_string {
}
+// Those two macros are not completely safe and we should probably
+// stop using them to avoid possibility of pointers dangling. The
+// memory may be freed too early.
+//
+// To avoid that, the right pattern would be:
+//
+// let cstring = CString::new(rs_string).unwrap();
+// unsafe {
+// some_c_function(cstring.as_ptr() as *const libc::c_char);
+// }
+//
+// So we ensure the pointer passed to 'some_c_function()' will live
+// until 'cstring' exists.
+//
+// TODO(sahid): fix code + remove macros.
+
macro_rules! string_to_c_chars {
- ($x:expr) => (::std::ffi::CString::new($x).unwrap().as_ptr())
+ ($x:expr) => (
+ ::std::ffi::CString::new($x).unwrap().as_ptr() as *const libc::c_char)
}
macro_rules! string_to_mut_c_chars {
- ($x:expr) => (::std::ffi::CString::new($x).unwrap().into_raw())
+ ($x:expr) => (
+ // Usage of this should ensure deallocation.
+ ::std::ffi::CString::new($x).unwrap().into_raw() as *mut libc::c_char)
}
macro_rules! impl_from {
--
2.17.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
