Closed jsha closed 2 years ago
@tgeoghegan @djc if either of you is available to review this, I'd appreciate it. Thanks!
I updated the issue with some related links: https://github.com/rustls/rustls-ffi/issues/245#issuecomment-1101712972. In particular, Miri can't catch this problem. From the Miri README:
In particular, Miri does currently not check that integers/floats are initialized or that references point to valid data.
This looks reasonable to me (though I haven't reviewed the unsafe invariants in depth).
Creating a reference to uninitialized memory is undefined behavior. Callers of this library are likely to pass pointers to uninitialized memory as out params. We should support that by not turning out params into references.
Instead, keep them as raw pointers and use an unsafe block where we actually write the param.
Fixes #245
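To make the fix concrete, here is an added example (not rustls-ffi's own code) contrasting the pattern the PR removes with the one it adopts. `demo_config_new`, `call_with_uninit_storage` and `call_with_null` are hypothetical names; the out parameter is a plain `u64` to keep the example self-contained. `uninit_via_reference` is the problematic shape: it compiles, passes ordinary tests, and (as the thread notes) Miri does not flag it, yet forming the `&mut u64` over a slot the caller never initialized is undefined behavior. `demo_config_new` keeps the raw pointer and only touches it with `ptr::write` inside an `unsafe` block, so no reference to uninitialized memory is ever created.

```rust
use std::mem::MaybeUninit;
use std::ptr;

/// The shape the PR moves away from: the out pointer is converted to a
/// mutable reference before anything is written. If the caller passed
/// uninitialized storage (normal for C out params), creating the reference
/// is already undefined behavior, even though the write itself looks fine.
/// Kept here only for comparison; it is never called in this example.
#[allow(dead_code)]
pub extern "C" fn uninit_via_reference(out: *mut u64) -> u32 {
    if out.is_null() {
        return 1;
    }
    // PROBLEM: `&mut *out` asserts that `*out` is valid, initialized data.
    let slot: &mut u64 = unsafe { &mut *out };
    *slot = 42;
    0
}

/// The corrected shape: keep `out` as a raw pointer and write through it
/// with `ptr::write`, which neither reads nor drops whatever was there.
/// Returns 0 on success, 1 if `out` is null (hypothetical error code).
pub extern "C" fn demo_config_new(out: *mut u64) -> u32 {
    if out.is_null() {
        return 1;
    }
    // SAFETY: the caller guarantees `out` is non-null, properly aligned and
    // points to writable storage for a u64. It may be uninitialized; that is
    // fine because ptr::write does not form a reference or read the old value.
    unsafe { ptr::write(out, 42) };
    0
}

/// Mimics a C caller handing over uninitialized storage as an out param.
pub fn call_with_uninit_storage() -> (u32, u64) {
    let mut slot = MaybeUninit::<u64>::uninit();
    let rc = demo_config_new(slot.as_mut_ptr());
    // SAFETY: a return code of 0 means the callee wrote the slot.
    let value = if rc == 0 { unsafe { slot.assume_init() } } else { 0 };
    (rc, value)
}

/// Exercises the null-pointer check on the out param.
pub fn call_with_null() -> u32 {
    demo_config_new(ptr::null_mut())
}

fn main() {
    let (rc, value) = call_with_uninit_storage();
    println!("rc={rc} value={value}");
    println!("null rc={}", call_with_null());
}
```

The same rule applies to every out param in an `extern "C"` function: null-check the raw pointer, then write through it with `ptr::write` (or `ptr.write(...)`) inside an `unsafe` block, and only ever create a `&mut T` after the memory is known to be initialized.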