redismodule-rs icon indicating copy to clipboard operation
redismodule-rs copied to clipboard
verified publisher icon RedisLabsModules

Functions suppressing not_unsafe_ptr_arg_deref clippy lint are unsound

Open nico-abram opened this issue 4 years ago • 1 comments

All of these functions supressing the clippy lint clippy::not_unsafe_ptr_arg_deref seem to be trivially unsound:

https://github.com/RedisLabsModules/redismodule-rs/blob/56a8082371df284fbe575aa22d9572c2ecc77b66/src/raw.rs#L185-L591

There are more instances of supressions of this lint in this repository: https://github.com/RedisLabsModules/redismodule-rs/search?q=not_unsafe_ptr_arg_deref

Even if they were not exposed in the crate's public API, having unsound functions like that internally would be error prone.

At least one of these is available in the public API. Example safe rust code that triggers Undefined Behaviour:

redis_module::raw::call_reply_type(0usize as *mut _);

I found these after reading https://github.com/rust-lang/rust-clippy/issues/7666 and searching all of github for code supressing this clippy lint.

nico-abram avatar Dec 28 '21 03:12 nico-abram

Agreed, good find. The right thing to do is probably to remove the #[allow(clippy::not_unsafe_ptr_arg_deref)] and mark the functions as unsafe instead. Also, functions like call_reply_type should definitely not be in the public API and we should mark them as pub(crate).

gavrie avatar Dec 29 '21 09:12 gavrie