Closed cpu closed 6 months ago
I think the fn names and rustdoc could use some bike shedding but I wanted to get this up for input before I log off. 💤
@ctz Did you want to give this a review pass since you were interested in https://github.com/rustls/rustls-ffi/issues/380 ?
Thanks for taking a look.
Mental note to pull these into openssl-compat
Previously the `set_boxed_mut_ptr()` and `set_arc_mut_ptr()` helper fns used for assigning out parameters across the FFI boundary took `*mut *mut C` and `*mut *const C` for the destination argument `dst`. Using these safely required callers to always verify that `dst != NULL`. In practice it's very easy to forget to do this and danger lurks!

We could modify these helpers to do `NULL` checking, but we tend to use them near the end of a function to assign a result in a success case and we would prefer `NULL` checking happen at the beginning of the function.

One proposed solution is to modify these setter functions to take `&mut *mut C` and `&mut *const C`. By using new helper macros to carefully construct a `&mut` from the input double pointer we can front-load the `NULL` check, and the assignment in the set fns can proceed knowing there's no possibility for a `NULL` outer pointer.

This commit implements this strategy, updating the argument type of `set_boxed_mut_ptr` and `set_arc_mut_ptr` to take `&mut (*const|*mut) C`. New `try_mut_from_ptr_ptr` and `try_ref_from_ptr_ptr` macros allow converting from `*mut *mut C` and `*mut *const C` to the reference types, bailing early for `NULL`.

Resolves https://github.com/rustls/rustls-ffi/issues/380
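The pattern the commit message describes, written out as an added Rust example that is not rustls-ffi's own code: only the macro and helper names (`try_mut_from_ptr_ptr`, `try_ref_from_ptr_ptr`, `set_boxed_mut_ptr`, `set_arc_mut_ptr`) come from the PR; the macro bodies, the `RustlsResult` codes, the `Config`/`SharedRoots` handle types and the `demo_*` FFI functions are constructed here for illustration. It shows the NULL check front-loaded at the top of the FFI function and the setters taking `&mut *mut C` / `&mut *const C`, so a NULL destination cannot reach them.

```rust
use std::ptr;
use std::sync::Arc;

/// Constructed result code for this example (rustls-ffi's real result enum is not reproduced).
#[repr(u32)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum RustlsResult {
    Ok = 7000,
    NullParameter = 7001,
}

/// Illustrative version of `try_mut_from_ptr_ptr`: turn a `*mut *mut C` out-parameter
/// into `&mut *mut C`, returning `NullParameter` from the *enclosing* function when the
/// outer pointer is NULL. Safety contract for the C caller: a non-NULL pointer must
/// reference a valid, aligned `*mut C` slot that nothing else touches during the call.
macro_rules! try_mut_from_ptr_ptr {
    ($ptr_ptr:expr) => {
        match unsafe { $ptr_ptr.as_mut() } {
            Some(slot) => slot,
            None => return RustlsResult::NullParameter,
        }
    };
}

/// Same idea for the `*mut *const C` shape used with Arc-backed shared handles.
macro_rules! try_ref_from_ptr_ptr {
    ($ptr_ptr:expr) => {
        match unsafe { $ptr_ptr.as_mut() } {
            Some(slot) => slot,
            None => return RustlsResult::NullParameter,
        }
    };
}

/// New-style setter: `&mut *mut C` makes a NULL destination unrepresentable, so the
/// helper needs neither a NULL check nor an `unsafe` block.
pub fn set_boxed_mut_ptr<C>(dst: &mut *mut C, value: C) {
    *dst = Box::into_raw(Box::new(value));
}

pub fn set_arc_mut_ptr<C>(dst: &mut *const C, value: C) {
    *dst = Arc::into_raw(Arc::new(value));
}

/// Constructed handle types standing in for real FFI objects.
pub struct Config { pub max_fragment: usize }
pub struct SharedRoots { pub count: usize }

/// FFI constructor for a uniquely owned object; freed with `demo_config_free`.
pub extern "C" fn demo_config_new(max_fragment: usize, config_out: *mut *mut Config) -> RustlsResult {
    // Front-loaded NULL check: a NULL out-param returns before anything is allocated.
    let config_out = try_mut_from_ptr_ptr!(config_out);
    set_boxed_mut_ptr(config_out, Config { max_fragment });
    RustlsResult::Ok
}

/// FFI constructor for a shared (Arc) object; released with `demo_roots_free`.
pub extern "C" fn demo_roots_new(count: usize, roots_out: *mut *const SharedRoots) -> RustlsResult {
    let roots_out = try_ref_from_ptr_ptr!(roots_out);
    set_arc_mut_ptr(roots_out, SharedRoots { count });
    RustlsResult::Ok
}

pub extern "C" fn demo_config_free(config: *mut Config) {
    if !config.is_null() {
        // Safety: the pointer came from Box::into_raw in demo_config_new and is freed once.
        drop(unsafe { Box::from_raw(config) });
    }
}

pub extern "C" fn demo_roots_free(roots: *const SharedRoots) {
    if !roots.is_null() {
        // Safety: the pointer came from Arc::into_raw in demo_roots_new; this drops one strong count.
        drop(unsafe { Arc::from_raw(roots) });
    }
}

fn main() {
    let mut cfg: *mut Config = ptr::null_mut();
    assert_eq!(demo_config_new(16384, &mut cfg), RustlsResult::Ok);
    println!("config allocated, max_fragment = {}", unsafe { (*cfg).max_fragment });
    demo_config_free(cfg);
    // The hazard the refactor removes: a NULL out-param is rejected, never written through.
    assert_eq!(demo_config_new(16384, ptr::null_mut()), RustlsResult::NullParameter);
}
```

The only `unsafe` left is inside the macros, at the single point where the C caller's contract is checked; everything downstream operates on a Rust reference, so forgetting the `dst != NULL` check in a setter is no longer something the compiler will let through.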