Frommi / miniz_oxide

Rust replacement for miniz
MIT License

`println!()` can cause panic outside `catch_unwind()` #118

Open LegionMammal978 opened 1 year ago

LegionMammal978 commented 1 year ago

The `miniz_oxide_c_api` wrappers in `src/lib.rs` call `println!("FATAL ERROR: Caught panic!");` when a panic is caught. `println!()` can panic if it fails to write, causing UB if `panic = "abort"` is not set. Replacing it with `let _ = write!(io::stdout(), "FATAL ERROR: Caught panic!");` would make it ignore any write errors.

(As a side note, I tried to find any code paths that actually cause a panic, but could not find any. Is miniz_oxide designed to never panic in the absence of bugs?)
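The pattern proposed above, as an added example that is not part of the issue thread or of miniz_oxide's code: a panic guard whose handler reports through `writeln!` and discards the result, exercised against a writer that always fails. The names `guard`, `example_checked_div` and `BrokenPipe` are hypothetical, and the failing writer is constructed to stand in for a closed stdout.

```rust
use std::io::{self, Write};
use std::panic::{self, AssertUnwindSafe};

/// Constructed writer that always fails, standing in for a closed or full stdout.
struct BrokenPipe;

impl Write for BrokenPipe {
    fn write(&mut self, _buf: &[u8]) -> io::Result<usize> {
        Err(io::Error::new(io::ErrorKind::BrokenPipe, "constructed failure"))
    }
    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

/// Hypothetical helper: run `f`, turn any panic into `fallback`, and report it
/// on `log` without letting the handler itself panic on a failed write.
fn guard<W: Write, F: FnOnce() -> i32>(log: &mut W, fallback: i32, f: F) -> i32 {
    match panic::catch_unwind(AssertUnwindSafe(f)) {
        Ok(code) => code,
        Err(_) => {
            // writeln! returns io::Result; discarding it means a failed write
            // cannot start a second unwind outside catch_unwind.
            let _ = writeln!(log, "FATAL ERROR: Caught panic!");
            fallback
        }
    }
}

/// Hypothetical C-ABI entry point (not a miniz_oxide_c_api function).
pub extern "C" fn example_checked_div(a: i32, b: i32) -> i32 {
    // Integer division by zero panics in Rust; the guard maps that to -1.
    guard(&mut io::stdout(), -1, || a / b)
}

fn main() {
    println!("10 / 2 -> {}", example_checked_div(10, 2));
    println!("10 / 0 -> {}", example_checked_div(10, 0));
    let mut broken = BrokenPipe;
    let code = guard(&mut broken, -1, || panic!("constructed panic"));
    println!("failing log writer -> {}", code);
}
```
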

oyvindln commented 1 year ago

Ah, should look at finding some other way to handle that then.

And yeah, miniz isn't designed to explicitly panic anywhere (though it's plausible that improper use of the unsafe C API bits could cause out of bounds panics or similar.)