At the moment, we've got an Address<'a> type which is (effectively) a (&'a str, i32) tuple. The problem is a couple types contain a *const sys::signal_address and because our "safe" wrappers aren't constrained by the lifetime of the address, it's possible to have a dangling pointer when the original borrowed address is destroyed...