Safety #9
Comments
Thanks for pointing this out ❤️ Definitely not good... I don't have a great thought right now...

@srijs may I ask how is it different from impl

@ehsanmok I'm not exactly sure what you mean, but I could produce a similar example by replacing

@srijs could you show me how you would recreate a similar issue with

@carllerche this should do it I believe? I mean, the issue here is really interior mutability rather than thread safety. We can do interior mutability in a
Hi! I was just taking a look at this crate because it seems to be useful for a use-case I am having, where I want to read strings from a `Bytes` buffer and have them share the underlying allocation.

What struck me is that some of the methods and impls on `String` seem to be inherently unsafe, because they assume things about the sanity of impls on `T` which can be easily violated using safe Rust.

As an example, here is a code snippet that leads to a `str` which contains invalid utf-8 (playground).

There's a couple of ways I can think of how this could be fixed:

- `Deref` and `AsRef` impls, but that seems like it would defeat the purpose of this crate.
- `unsafe` marker trait (similar to what the `owning_ref` crate does), that is used as a bound for `T` to ensure that only "sane" implementations are used.

Here are all the ways to construct a `String` that I believe to be currently unsafe:

- `impl<T> TryFrom<T> for String<T> where T: AsRef<[u8]>` (since 0.1.0)
- `impl<T: Default> Default for String<T>` (since 0.1.0)
- `pub fn from_str<'a>(src: &'a str) -> String<T> where T: From<&'a [u8]>` (since 0.1.2)

Let me know what you think!
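The soundness hole described in the issue body and the interior-mutability point raised in the comments above, as an added Rust example that is not the crate's code: `UnsoundString` is a constructed stand-in that validates UTF-8 once (like the listed `TryFrom` impl) and then trusts `T::as_ref` in `Deref`; `Flaky` is an entirely safe type using `Cell` whose bytes change after that check; `StableAsRef` is the unsafe marker-trait fix the issue proposes (the trait name and impls are assumptions, not the crate's API). The example inspects the bytes instead of dereferencing to a `str`, so it shows the broken invariant without itself executing undefined behaviour.

```rust
use std::cell::Cell;
use std::ops::Deref;

// Constructed stand-in for the wrapper: UTF-8 is checked once in `new`, then `T::as_ref` is trusted.
pub struct UnsoundString<T>(pub T);
impl<T: AsRef<[u8]>> UnsoundString<T> {
    pub fn new(value: T) -> Result<Self, std::str::Utf8Error> {
        std::str::from_utf8(value.as_ref())?; // the only UTF-8 check ever made
        Ok(UnsoundString(value))
    }
}
impl<T: AsRef<[u8]>> Deref for UnsoundString<T> {
    type Target = str;
    fn deref(&self) -> &str {
        // Unsound: nothing stops `as_ref` from returning different bytes than it did in `new`.
        unsafe { std::str::from_utf8_unchecked(self.0.as_ref()) }
    }
}

// Entirely safe type (interior mutability via Cell) whose bytes turn invalid after the first call.
pub struct Flaky { calls: Cell<u32> }
const GOOD: &[u8] = b"hello";
const BAD: &[u8] = &[0xff, 0xfe];
impl AsRef<[u8]> for Flaky {
    fn as_ref(&self) -> &[u8] {
        let n = self.calls.get();
        self.calls.set(n + 1);
        if n == 0 { GOOD } else { BAD }
    }
}
// Shows the invariant breaking without executing the UB: returns (still UTF-8?, now equal to BAD?).
pub fn flaky_breaks_invariant() -> (bool, bool) {
    let s = UnsoundString::new(Flaky { calls: Cell::new(0) }).expect("first call is valid");
    let now = s.0.as_ref(); // `&*s` here would hand out a `&str` over BAD: undefined behaviour
    (std::str::from_utf8(now).is_ok(), now == BAD)
}

// The fix the issue proposes (assumed name, not the crate's API): an unsafe marker trait whose
// implementors promise a stable `as_ref`. `SoundString::new(Flaky { .. })` does not compile.
pub unsafe trait StableAsRef: AsRef<[u8]> {}
unsafe impl StableAsRef for Vec<u8> {}
pub struct SoundString<T: StableAsRef>(T);
impl<T: StableAsRef> SoundString<T> {
    pub fn new(v: T) -> Result<Self, std::str::Utf8Error> { std::str::from_utf8(v.as_ref())?; Ok(SoundString(v)) }
}
impl<T: StableAsRef> Deref for SoundString<T> {
    type Target = str;
    fn deref(&self) -> &str { unsafe { std::str::from_utf8_unchecked(self.0.as_ref()) } }
}
pub fn sound_roundtrip() -> String { (*SoundString::new(b"hello".to_vec()).expect("valid")).to_owned() }
```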