jkb0o / pecs

Asynchronous operations for Bevy Engine
Apache License 2.0

Unsoundness with World pointer in WasmResolver #10

Open spectria-limina opened 10 months ago

spectria-limina commented 10 months ago

The WasmResolver effectively exposes the raw World pointer: a client can call register with a World, stash the resulting WasmResolver somewhere, destroy the World, and then call resolve. This will cause UB with safe Rust.

Either the raw pointer needs to be protected so that it cannot be used without the World pointer becoming invalid (which is probably more complicated than simply "the World hasn't been destroyed or moved"), or those functions must be made unsafe and there must be a documented requirement that the World still exist.

spectria-limina commented 10 months ago

Because WorldResolver is Send, you can also access the original pointer concurrently in safe code. This impl is extremely problematic.
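
The two remedies named in the report, sketched on a stand-in type as an added example. This is not pecs code: `World`, `RawResolver`, `CheckedResolver` and `ResolveError` are hypothetical names, and holding the world in `Rc<RefCell<..>>` is an assumption made for the sketch, not how Bevy owns its `World`.

```rust
use std::cell::RefCell;
use std::rc::{Rc, Weak};

// Stand-in for Bevy's World (hypothetical; just enough state to observe).
#[derive(Default)]
pub struct World { pub resolved: Vec<u32> }

// Remedy 2 from the report: keep the raw pointer, but make its use `unsafe`
// with a documented contract. Raw pointers are !Send and !Sync by default,
// so with no `unsafe impl Send` this type stays on the registering thread.
pub struct RawResolver { world: *mut World }

impl RawResolver {
    pub fn register(world: &mut World) -> Self { Self { world: world as *mut World } }

    /// # Safety
    /// The `World` passed to `register` must still be alive, must not have
    /// moved, and must not be borrowed anywhere else during this call.
    pub unsafe fn resolve(&self, value: u32) {
        unsafe { (*self.world).resolved.push(value) }
    }
}

// Remedy 1 from the report: protect the pointer. Liveness (Weak::upgrade)
// and aliasing (RefCell) are checked at runtime, so `resolve` can stay safe.
pub struct CheckedResolver { world: Weak<RefCell<World>> }

#[derive(Debug, PartialEq)]
pub enum ResolveError { WorldDropped, WorldBorrowed }

impl CheckedResolver {
    pub fn register(world: &Rc<RefCell<World>>) -> Self {
        Self { world: Rc::downgrade(world) }
    }

    pub fn resolve(&self, value: u32) -> Result<(), ResolveError> {
        let world = self.world.upgrade().ok_or(ResolveError::WorldDropped)?;
        let mut guard = world.try_borrow_mut().map_err(|_| ResolveError::WorldBorrowed)?;
        guard.resolved.push(value);
        Ok(())
    }
}

fn main() {
    let world = Rc::new(RefCell::new(World::default()));
    let resolver = CheckedResolver::register(&world);
    assert_eq!(resolver.resolve(1), Ok(()));
    drop(world); // the stashed resolver outlives the World
    assert_eq!(resolver.resolve(2), Err(ResolveError::WorldDropped));
}
```

`Weak<RefCell<World>>` is also `!Send`, so the compiler rejects moving `CheckedResolver` to another thread, which covers the concurrent-access case raised in the second comment.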