Rollup merge of #114987 - RalfJung:unsound-mmap, r=cjgillot

elaborate a bit on the (lack of) safety in 'Mmap::map'

Sadly none of the callers of this function even consider it worth mentioning in their unsafe block that what they are doing is completely unsound.
Weihang Lo 2023-08-24 22:53:57 +01:00 committed by GitHub
commit 832fb9c072
GPG Key ID: 4AEE18F83AFDEB23


@ -11,9 +11,14 @@
#[cfg(not(target_arch = "wasm32"))] #[cfg(not(target_arch = "wasm32"))]
impl Mmap { impl Mmap {
/// # Safety
///
/// The given file must not be mutated (i.e., not written, not truncated, ...) until the mapping is closed.
///
/// However in practice most callers do not ensure this, so uses of this function are likely unsound.
#[inline] #[inline]
pub unsafe fn map(file: File) -> io::Result<Self> { pub unsafe fn map(file: File) -> io::Result<Self> {
// Safety: this is in fact not safe. // Safety: the caller must ensure that this is safe.
unsafe { memmap2::Mmap::map(&file).map(Mmap) } unsafe { memmap2::Mmap::map(&file).map(Mmap) }
} }
} }
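Review bot: The new `# Safety` section on `Mmap::map` states the requirement but not what goes wrong when it is violated, nor that the mutation may come from a different process that the caller does not control. I would add one sentence to the doc comment, for example `/// Any write or truncation by this or another process while the mapping is live is undefined behavior; on Unix, reading past a truncated file typically faults (SIGBUS).` The inner comment `// Safety: the caller must ensure that this is safe.` is circular and does not name the invariant relied on; `// SAFETY: the caller upholds the "# Safety" contract above: the file is not mutated while mapped.` would tie the block to the documented contract. Since the doc itself says most callers do not ensure this, it would also help to say what a caller can realistically do (for instance, only map files the process has exclusive control over), if the project has such guidance.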