[libvirt-rust PATCH 0/1] Fix unsoundness in wrapper new constructor

There are safety issues with all wrapper type constructors.
All safe wrappers can be created without `unsafe` from raw pointers,
meaning any subsequent use will cause undefined behavior if the pointer
does not point to a valid object:

```rust
// This will segfault / Cause undefined behavior
virt::connect::Connect::new(ptr::null_mut()).get_hostname()
```

These methods to create safe wrappers from raw pointers must be `unsafe`.
And optimally, all unsafe methods should have a `# Safety` section
explaining what conditions must hold to call them.

Since these methods should not be the main way of instantiating these types,
they should likely not be called `new`, but rather something like `from_ptr`.

Let's see if I manage to make the patch appear under the same email thread this time.

Linus Färnstrand (1):
  Make creating safe wrapper from raw pointer unsafe

 src/connect.rs         | 10 ++++++++--
 src/domain.rs          | 10 ++++++++--
 src/domain_snapshot.rs | 10 ++++++++--
 src/interface.rs       | 10 ++++++++--
 src/network.rs         | 10 ++++++++--
 src/nodedev.rs         | 10 ++++++++--
 src/nwfilter.rs        | 10 ++++++++--
 src/secret.rs          | 10 ++++++++--
 src/storage_pool.rs    | 10 ++++++++--
 src/storage_vol.rs     | 10 ++++++++--
 src/stream.rs          |  8 +++++++-
 11 files changed, 87 insertions(+), 21 deletions(-)

--
2.21.0
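An added example, not part of this patch or of the libvirt-rust crate, showing the unsound safe constructor next to the `unsafe fn from_ptr` with a `# Safety` section that the cover letter asks for. `RawConn`, `raw_open` and `new_unsound` are constructed stand-ins for the opaque libvirt handle and its C allocator so the code runs without the C library.

```rust
/// Constructed stand-in for an opaque libvirt object such as `virConnect`, so the
/// example runs without the C library (an assumption, not the real FFI type).
#[repr(C)]
pub struct RawConn {
    hostname: [u8; 32],
    len: usize,
}
/// Stand-in for the C side handing out a handle (think `virConnectOpen`).
pub fn raw_open(host: &str) -> *mut RawConn {
    let len = host.len().min(32);
    let mut c = RawConn { hostname: [0; 32], len };
    c.hostname[..len].copy_from_slice(&host.as_bytes()[..len]);
    Box::into_raw(Box::new(c))
}
/// Safe wrapper. Invariant: `ptr` points to a live `RawConn` owned by this value.
pub struct Connect {
    ptr: *mut RawConn,
}
impl Connect {
    /// The unsound shape the cover letter describes: safe code can build a
    /// `Connect` from any pointer, so the `unsafe` dereference in `get_hostname`
    /// relies on an invariant nobody was required to uphold.
    pub fn new_unsound(ptr: *mut RawConn) -> Connect {
        Connect { ptr }
    }
    /// Sound replacement: the caller opts in with `unsafe` and is bound by the contract.
    ///
    /// # Safety
    /// `ptr` must be non-null and point to a valid `RawConn` from `raw_open`.
    /// Ownership passes to the returned `Connect`, which frees it on drop; the
    /// caller must not free or use `ptr` afterwards.
    pub unsafe fn from_ptr(ptr: *mut RawConn) -> Connect {
        debug_assert!(!ptr.is_null(), "from_ptr called with null");
        Connect { ptr }
    }
    /// Dereferences the handle; correct only because the constructor's contract
    /// established the invariant.
    pub fn get_hostname(&self) -> String {
        let raw = unsafe { &*self.ptr };
        String::from_utf8_lossy(&raw.hostname[..raw.len]).into_owned()
    }
}
impl Drop for Connect {
    fn drop(&mut self) {
        // Release the handle as the C side would (think `virConnectClose`).
        unsafe { drop(Box::from_raw(self.ptr)) };
    }
}
```

With `from_ptr` the `unsafe` block at the call site is where a reviewer looks for the justification that the pointer is valid, which is exactly what the safe `new` hid.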