Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix unsoundness in new_library_with_data #309

Merged
merged 1 commit into from
May 23, 2024
Merged

Fix unsoundness in new_library_with_data #309

merged 1 commit into from
May 23, 2024

Conversation

madsmtm
Copy link
Contributor

@madsmtm madsmtm commented Apr 22, 2024

The library_data slice passed to the function that the dispatch data object is referencing does not necessarily outlive the library in which it will be contained.

(Note: It looks like we're upholding memory management rules here, as the object returned from dispatch_data_create is released with dispatch_release before the end of the function, but remember that the dispatch data is a reference-counted object; MTLLibrary will retain the dispatch data beyond the lifetime of the function).

As specified in https://developer.apple.com/documentation/dispatch/1452970-dispatch_data_create, if we use DISPATCH_DATA_DESTRUCTOR_DEFAULT as the destructor block instead, dispatch will copy the buffer for us automatically.

Fixes #308.

@madsmtm madsmtm mentioned this pull request Apr 22, 2024
Closed
@K0bin
Copy link

K0bin commented Apr 23, 2024

Thanks for the quick fix!

@MarijnS95
Copy link
Contributor

@madsmtm how about adding a comment to the code with your findings? Specifically, explain above DISPATCH_DATA_DESTRUCTOR_DEFAULT, that this will create a copy of the passed data so that the dispatch data becomes independent of library_data: &[u8]? Could that be part of // Safety docs on unsafe for the dispatch_data_create() function?

@madsmtm
Fix unsoundness in new_library_with_data
b35479e 
The `library_data` slice passed to the function that the dispatch data object is referencing does not necessarily outlive the library in which it will be contained.

(Note: It _looks_ like we're upholding memory management rules here, as the object returned from `dispatch_data_create` is released with `dispatch_release` before the end of the function, but remember that the dispatch data is a reference-counted object; `MTLLibrary` will retain the dispatch data beyond the lifetime of the function).

As specified in https://developer.apple.com/documentation/dispatch/1452970-dispatch_data_create, if we use DISPATCH_DATA_DESTRUCTOR_DEFAULT as the destructor block instead, `dispatch` will copy the buffer for us automatically.
grovesNL
grovesNL approved these changes May 23, 2024
View reviewed changes
Copy link
Collaborator

@grovesNL grovesNL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@grovesNL grovesNL merged commit 6b7e39d into gfx-rs:master May 23, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarijnS95 MarijnS95 MarijnS95 approved these changes

@grovesNL grovesNL grovesNL approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

new_library_with_data is broken
4 participants
@madsmtm @K0bin @MarijnS95 @grovesNL