frankmcsherry
commented
4 years ago Hello! Sorry for the late review.
The thing that worries me here is that afaict the decode method will return a &Arc<T>, which then supports methods like clone() that return an Arc<T> without a lifetime. This returned value could then outlive the byte array on which decode was called, which could then be de-allocated, re-used, various things. I believe the Arc<T> could still have pointers in to this memory, though.
For example, in your test you could imagine decoding the Arc<String> referencing "hallo", and then cloning value2 and then writing an invalid UTF8 byte in the last position (e.g. 128). At this point I believe the clone of value2 would still be available, but reading its non-UTF8 contents would be UB.
Does that make sense to you, or should I try and modify the test to demonstrate this?
If this approach turns out to be correct, I guess we could do the same for Rc...