Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unsafe conversion for PCWSTR #2136

Closed
wants to merge 1 commit into from
Closed

Remove unsafe conversion for PCWSTR #2136

wants to merge 1 commit into from

Conversation

rylev
Copy link
Contributor

@rylev rylev commented Nov 4, 2022

As @michaelwoerister pointed out this conversion, while safe, makes it very easy to write incorrect code. I think we should avoid such code.

Here's an example of some code that uses safe Rust but creates a dangling pointer:

fn create_dangling_pcwstr_pointer() -> PCWSTR {
    let s = HSTRING::from("abc");
    PCWSTR::from(&s)
}

@michaelwoerister
Copy link

Yes, this does indeed look like a potential source of errors to me.

Overall, I don't know of a good way of dealing with PCWSTR and similar string types that are essentially raw pointers with no ownership or lifetime guarantees attached.

@kennykerr
Copy link
Collaborator

kennykerr commented Nov 4, 2022
edited
Loading

This has come up before (#2084). In this case, we caught it with App Verifier (#2095) which does a great job of detecting such errors.

I'm just not sure simply removing the impl is sufficient since we still need a way to perform such a conversion.

@kennykerr
Copy link
Collaborator

kennykerr commented Nov 4, 2022
edited
Loading

This is also related to #907 and #1896 where we really need to track lifetime even, or especially, in cases where ownership is ambiguous.

@kennykerr
Copy link
Collaborator

In this case, perhaps its preferable to be explicit and require something like this (from the build break)?

        let vertex_shader = unsafe {
            D3DCompileFromFile(
                PCWSTR(shaders_hlsl.as_ptr()),
                None,
                None,

@michaelwoerister
Copy link

In this case, perhaps its preferable to be explicit and require something like this (from the build break)?

        let vertex_shader = unsafe {
            D3DCompileFromFile(
                PCWSTR(shaders_hlsl.as_ptr()),
                None,
                None,

That does look better to me, yes.

An explicit to_pcwstr() method might also make sense. It could be safe, like e.g. Vec::as_ptr() is safe, but would serve as a place where documentation about safety/lifetime can be added -- but I hesitate to suggest adding ad-hoc convenience methods like this without an overall design strategy for strings and/or win32 raw-pointers.

@kennykerr
Copy link
Collaborator

but I hesitate to suggest adding ad-hoc convenience methods like this without an overall design strategy for strings and/or win32 raw-pointers

Right, once the overall ownership story has been sorted out, see also #2126 (comment), this should be a lot clearer. Until then, I'm happy to require PCWSTR(from.as_ptr()).

@kennykerr
Copy link
Collaborator

Looks like Ryan's away. I'll close this and open an issue to take care of this.

@kennykerr kennykerr closed this Nov 8, 2022
@kennykerr kennykerr mentioned this pull request Nov 8, 2022
Closed
@riverar riverar mentioned this pull request Dec 23, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rylev @michaelwoerister @kennykerr