yuja added a comment.
> + ) -> (Box<dyn Deref<Target = [Block]> + Send>, Vec<u8>) { > + let (readonly, vec) = self.into_readonly_and_added(); > + // Prevent running `v`'s destructor so we are in complete control > + // of the allocation. > + let vec = mem::ManuallyDrop::new(vec); > + > + let bytes = unsafe { > + // This is safe because we check at compile-time that there is no > + // padding. > + // /!\ Any use of `vec` after this is use-after-free. > + > + let _: [u8; 4 * BLOCK_SIZE] = > + std::mem::transmute([Block::new(); 4]); > + Vec::from_raw_parts( > + vec.as_ptr() as *mut u8, > + vec.len() * BLOCK_SIZE, > + vec.capacity() * BLOCK_SIZE, > + ) Appears that this is unsafe. The doc states that the source type must have the exact same alignment as `Vec<u8>` probably because the allocator may use separate bucket per alignment. https://doc.rust-lang.org/std/vec/struct.Vec.html#method.from_raw_parts "It's also not safe to build one from a Vec<u16> and its length, because the allocator cares about the alignment, and these two types have different alignments." Can't we instead implement `as_bytes() -> &[u8]`? REPOSITORY rHG Mercurial CHANGES SINCE LAST ACTION https://phab.mercurial-scm.org/D7796/new/ REVISION DETAIL https://phab.mercurial-scm.org/D7796 To: gracinet, #hg-reviewers, kevincox, durin42 Cc: yuja, Alphare, marmoute, durin42, kevincox, mercurial-devel _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel