jsha
commented
2 years ago @tgeoghegan @djc if either of you is available to review this, I'd appreciate it. Thanks!
Closed jsha closed 2 years ago
jsha
commented
2 years ago @tgeoghegan @djc if either of you is available to review this, I'd appreciate it. Thanks!
jsha
commented
2 years ago I updated the issue with some related links: https://github.com/rustls/rustls-ffi/issues/245#issuecomment-1101712972. In particular, Miri can't catch this problem. From the Miri README:
In particular, Miri does currently not check that integers/floats are initialized or that references point to valid data.
djc
commented
2 years ago This looks reasonable to me (though I haven't reviewed the unsafe invariants in depth).
Creating a reference to uninitialized memory is undefined behavior. Callers of this library are likely to pass pointers to uninitialized memory as out params. We should support that by not turning out params into references.
Instead, keep them as raw pointers and use an unsafe block where we actually write the param.
Fixes #245