Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsoundness with World pointer in WasmResolver #10

Open
spectria-limina opened this issue Jan 22, 2024 · 1 comment
Open

Unsoundness with World pointer in WasmResolver #10

spectria-limina opened this issue Jan 22, 2024 · 1 comment

Comments

@spectria-limina
Copy link
Contributor

The WasmResolver effectively exposes the raw World pointer: a client can call register with a World, stash the resulting WasmResolver somewhere, destroy the World, and then call resolve. This will cause UB with safe Rust.

Either the raw pointer needs to be protected so that it cannot be used without the World pointer becoming invalid (which is probably more complicated than simply "the World hasn't been destroyed or moved"), or those functions must be made unsafe and there must be a documented requirement that the World still exist.
@spectria-limina
Copy link
Contributor Author

Because WorldResolver is Send, you can also access the original pointer concurrently in safe code. This impl is extremely problematic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@spectria-limina