Safe CFRunLoop methods accept and dereference a raw pointer #648

kevinmehall · 2023-12-04T01:38:38Z

The CFRunLoop methods add_timer, remove_timer contains_source, add_source, remove_source, contains_observer, add_observer, remove_observer accept an argument mode of type CFRunLoopMode, which is a type alias for *const __CFString. This parameter is passed on to the underlying functions which dereference it, so these methods are unsound because nothing prevents safe code from passing an invalid pointer.

I confirmed that the following line without unsafe segfaults:

run_loop.add_source(&source.unwrap(), 0x1234 as *mut _)

Ironically, correct usage requires unsafe, because the kCFRunLoopDefaultMode and kCFRunLoopCommonModes that are normally passed here are extern statics that requires unsafe to access.

The text was updated successfully, but these errors were encountered:

Fixes servo#648

kevinmehall added a commit to kevinmehall/core-foundation-rs that referenced this issue Dec 4, 2023

Make CFRunLoopMode a safe wrapper with a lifetime.

57cbb3b

Fixes servo#648

kevinmehall linked a pull request Dec 4, 2023 that will close this issue

Make CFRunLoopMode a safe wrapper with a lifetime #650

Open

kevinmehall added a commit to kevinmehall/core-foundation-rs that referenced this issue Dec 4, 2023

Make CFRunLoopMode a safe wrapper with a lifetime.

a37e70c

Fixes servo#648

kevinmehall added a commit to kevinmehall/core-foundation-rs that referenced this issue Aug 14, 2024

Make CFRunLoopMode a safe wrapper with a lifetime.

8118d6a

Fixes servo#648

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Safe CFRunLoop methods accept and dereference a raw pointer #648

Safe CFRunLoop methods accept and dereference a raw pointer #648

kevinmehall commented Dec 4, 2023

Safe CFRunLoop methods accept and dereference a raw pointer #648

Safe CFRunLoop methods accept and dereference a raw pointer #648

Comments

kevinmehall commented Dec 4, 2023