On Wed, 18 Oct 2023 at 10:06, Ariel Miculas (amiculas) <amiculas@xxxxxxxxx> wrote: > I think this is not safe. from_raw_parts_mut's documentation says: > ``` > `data` must be non-null and aligned even for zero-length slices. One > reason for this is that enum layout optimizations may rely on references > (including slices of any length) being aligned and non-null to distinguish > them from other data. You can obtain a pointer that is usable as `data` > for zero-length slices using [`NonNull::dangling()`]. > ``` > > `vfs_getxattr_alloc` explicitly calls the `get` handler with `buffer` set > to NULL and `size` set to 0, in order to determine the required size for > the extended attributes: > ``` > error = handler->get(handler, dentry, inode, name, NULL, 0); > if (error < 0) > return error; > ``` > > So `buffer` is definitely NULL in the first call to the handler. > > When `buffer` is NULL, the first argument to `from_raw_parts_mut` should > be `NonNull::dangling()`. Good catch, thanks! I'll fix this for v2.