`heap_size_of` should be unsafe

Question

`heap_size_of` should be unsafe

bluss opened this issue 9 years ago · comments

It draws attention directly by being marked safe but using a raw pointer argument.

It seems trivial to segfault using this function in safe rust, just give it a pointer to something not allocated, or a dangling pointer.

Tested using heapsize 0.1.0

heapsize::heap_size_of(2 as *const _);

bluss commented 9 years ago

cool 🍹

Josh Matthews · Answer 1 · Mon Aug 10 2015 00:47:56 GMT+0800 (China Standard Time)

This is true!

Nicholas Nethercote · Answer 2 · Mon Aug 10 2015 07:08:42 GMT+0800 (China Standard Time)

Is 2 as *const _ itself not unsafe?

Simon Sapin · Answer 3 · Mon Aug 10 2015 07:19:50 GMT+0800 (China Standard Time)

No, only dereferencing it is.

Manish Goregaokar · Answer 4 · Mon Aug 10 2015 15:55:52 GMT+0800 (China Standard Time)

Opening a vortex to Hell is actually safe, but de-referencing anything you pull from the vortex isn't safe.

bluss · Answer 5 · Mon Aug 10 2015 16:44:42 GMT+0800 (China Standard Time)

let v = vec![0; N]; v[1..].as_ptr() would have the same problem (pointer not from jemalloc). Creating raw pointers being unsafe or not, the precondition is that the passed in pointer must have been returned from jemalloc, and that is not checkable by the type system.