to_c_str! (https://github.com/arturoc/gstreamer1.0-rs/blob/f6a0c6a369db530288701e79a2d45f017544e6e3/src/util.rs#L19) is handling lifetimes of c strings incorrectly. The return value of as_ptr() is only valid during the lifetime of the underlying CString type. This can cause silent data corruption in situations where the called C code holds on to the string for a longer time (I noticed this because the playbin element that I created with PlayBin::new() changed name during the runtime of my program). There are 2 solutions:
easy and hacky: use into_raw() instead of as_ptr() and leak the resulting memory
more work but cleaner: check each usage of to_c_str! and replace them with something more durable depending on the situation (in the situation cited above, this probably means that the CString will have to be kept alive for as long as the underlying C struct is alive)
thanks, i think there were only a couple of cases were it was being used in an unsafe manner but i've removed the macro completely and use CString explecetly since it allowed such a case
to_c_str!
(https://github.com/arturoc/gstreamer1.0-rs/blob/f6a0c6a369db530288701e79a2d45f017544e6e3/src/util.rs#L19) is handling lifetimes of c strings incorrectly. The return value ofas_ptr()
is only valid during the lifetime of the underlyingCString
type. This can cause silent data corruption in situations where the called C code holds on to the string for a longer time (I noticed this because the playbin element that I created withPlayBin::new()
changed name during the runtime of my program). There are 2 solutions:into_raw()
instead ofas_ptr()
and leak the resulting memoryto_c_str!
and replace them with something more durable depending on the situation (in the situation cited above, this probably means that theCString
will have to be kept alive for as long as the underlying C struct is alive)