There are safety issues with all wrapper type constructors. All safe wrappers can be created without `unsafe` from raw pointers. Meaning any subsequent use will cause undefined behavior if the pointer does not point to a valid object: ```rust // This will segfault / Cause undefined behavior virt::connect::Connect::new(ptr::null_mut()).get_hostname() ``` These methods to create safe wrappers from raw pointers must be `unsafe`. And optimally is if all unsafe methods have a `# Safety` section explaining what conditions must hold to call them. Since these methods should not be the main way of instantiating these types, they should likely not be called `new`, but rather something like `from_ptr`. Let's see if I manage to make the patch appear under the same email thread this time. Linus Färnstrand (1): Make creating safe wrapper from raw pointer unsafe src/connect.rs | 10 ++++++++-- src/domain.rs | 10 ++++++++-- src/domain_snapshot.rs | 10 ++++++++-- src/interface.rs | 10 ++++++++-- src/network.rs | 10 ++++++++-- src/nodedev.rs | 10 ++++++++-- src/nwfilter.rs | 10 ++++++++-- src/secret.rs | 10 ++++++++-- src/storage_pool.rs | 10 ++++++++-- src/storage_vol.rs | 10 ++++++++-- src/stream.rs | 8 +++++++- 11 files changed, 87 insertions(+), 21 deletions(-) -- 2.21.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
