`heap_size_of` should be unsafe
bluss opened this issue
bluss commented
It draws attention directly by being marked safe but using a raw pointer argument.
It seems trivial to segfault using this function in safe rust, just give it a pointer to something not allocated, or a dangling pointer.
Tested using heapsize 0.1.0
heapsize::heap_size_of(2 as *const _);
Josh Matthews commented
This is true!
Nicholas Nethercote commented
Is 2 as *const _ itself not unsafe?
Simon Sapin commented
No, only dereferencing it is.
Manish Goregaokar commented
bluss commented
let v = vec![0; N]; v[1..].as_ptr()
would have the same problem (pointer not from jemalloc). Creating raw pointers being unsafe or not, the precondition is that the passed-in pointer must have been returned from jemalloc, and that is not checkable by the type system.
bluss commented
cool 🍹
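What the thread asks for, as an added example that is not heapsize's code: the pointer-taking function is marked `unsafe fn` with its contract written down, and provenance is carried by an owning type so that the only safe entry point cannot be handed a bogus pointer. Because a real jemalloc `malloc_usable_size` call would read allocator metadata behind an arbitrary pointer (the segfault the issue describes), the example uses a constructed stand-in allocator (`TrackedHeap`, built on `std::alloc`) that records live block starts, so contract violations surface as `None` or a panic instead of a crash. `TrackedHeap`, `HeapBlock`, `try_heap_size_of` and `demo` are names chosen here, not heapsize's API.

```rust
use std::alloc::{alloc, dealloc, Layout};
use std::cell::RefCell;
use std::collections::HashMap;

/// Constructed stand-in for jemalloc: real allocations via std::alloc plus a
/// table of live block starts, so we can answer "how big is the block behind
/// this pointer?" the way malloc_usable_size does. Not heapsize's code.
pub struct TrackedHeap {
    live: RefCell<HashMap<usize, Layout>>,
}

/// A block that can only be obtained from `TrackedHeap::alloc`. Holding one
/// proves the pointer inside came from this heap and has not been freed yet,
/// which is exactly the precondition the raw-pointer signature cannot express.
pub struct HeapBlock<'h> {
    heap: &'h TrackedHeap,
    ptr: *mut u8,
}

impl TrackedHeap {
    pub fn new() -> Self {
        TrackedHeap { live: RefCell::new(HashMap::new()) }
    }

    pub fn alloc(&self, layout: Layout) -> HeapBlock<'_> {
        assert!(layout.size() > 0, "zero-sized allocations have no backing block");
        // SAFETY: layout has non-zero size, as asserted above.
        let ptr = unsafe { alloc(layout) };
        assert!(!ptr.is_null(), "allocation failed");
        self.live.borrow_mut().insert(ptr as usize, layout);
        HeapBlock { heap: self, ptr }
    }

    /// The function as the issue says it should be: `unsafe`, because the
    /// contract below is not checkable by the type system.
    ///
    /// # Safety
    /// `ptr` must be the start of a block returned by `alloc` on this heap that
    /// has not been freed. `2 as *const u8`, a stack address, a dangling pointer
    /// or an interior pointer such as `v[1..].as_ptr()` all violate this. A real
    /// allocator would read garbage metadata or segfault; this stand-in panics.
    pub unsafe fn heap_size_of(&self, ptr: *const u8) -> usize {
        self.live
            .borrow()
            .get(&(ptr as usize))
            .expect("heap_size_of: pointer is not the start of a live block on this heap")
            .size()
    }

    /// Checked variant for callers that cannot prove provenance. Note that only
    /// the allocator itself can perform this check, which is why a generic
    /// safe wrapper over an arbitrary `*const T` is impossible.
    pub fn try_heap_size_of(&self, ptr: *const u8) -> Option<usize> {
        self.live.borrow().get(&(ptr as usize)).map(|l| l.size())
    }
}

impl HeapBlock<'_> {
    pub fn as_ptr(&self) -> *mut u8 {
        self.ptr
    }

    /// Safe wrapper: the type guarantees the precondition, so the unsafe call is sound.
    pub fn heap_size(&self) -> usize {
        // SAFETY: `self.ptr` came from `alloc` on `self.heap`, and `self` being
        // alive means the block has not been freed.
        unsafe { self.heap.heap_size_of(self.ptr) }
    }
}

impl Drop for HeapBlock<'_> {
    fn drop(&mut self) {
        let layout = self
            .heap
            .live
            .borrow_mut()
            .remove(&(self.ptr as usize))
            .expect("double free");
        // SAFETY: ptr/layout is exactly the pair `alloc` returned.
        unsafe { dealloc(self.ptr, layout) }
    }
}

/// Reproduces the pointers discussed in the issue against the stand-in heap:
/// a proper block, an integer cast to a pointer, an interior pointer, and a
/// dangling pointer to a freed block.
pub fn demo() -> (usize, Option<usize>, Option<usize>, Option<usize>) {
    let heap = TrackedHeap::new();
    let block = heap.alloc(Layout::array::<u32>(16).unwrap());
    let ok = block.heap_size(); // 64 bytes: the safe, provenance-carrying path
    let bogus = heap.try_heap_size_of(2 as *const u8); // the issue's `2 as *const _`
    // One u32 past the block start, the `v[1..].as_ptr()` case from the thread.
    let interior = heap.try_heap_size_of(block.as_ptr().wrapping_add(4));
    // Pointer kept after its block was freed.
    let stale = {
        let tmp = heap.alloc(Layout::array::<u8>(8).unwrap());
        tmp.as_ptr() as *const u8
    };
    let dangling = heap.try_heap_size_of(stale);
    (ok, bogus, interior, dangling)
}

fn main() {
    let (ok, bogus, interior, dangling) = demo();
    println!("block: {ok}  int-cast: {bogus:?}  interior: {interior:?}  dangling: {dangling:?}");
}
```

The design point is the one bluss makes: the check "was this pointer returned by the allocator" belongs to the allocator, so a library cannot make `heap_size_of(*const T)` safe by adding a guard. It can only mark the function `unsafe` and document the contract, and offer safe entry points whose argument types (here `HeapBlock`, in a real crate `&Box<T>`, `&Vec<T>` with non-zero capacity, and so on) already carry the provenance.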