yuja added a comment.

  > +    ) -> (Box<dyn Deref<Target = [Block]> + Send>, Vec<u8>) {
  > +        let (readonly, vec) = self.into_readonly_and_added();
  > +        // Prevent running `v`'s destructor so we are in complete control
  > +        // of the allocation.
  > +        let vec = mem::ManuallyDrop::new(vec);
  > +
  > +        let bytes = unsafe {
  > +            // This is safe because we check at compile-time that there is 
no
  > +            // padding.
  > +            // /!\ Any use of `vec` after this is use-after-free.
  > +
  > +            let _: [u8; 4 * BLOCK_SIZE] =
  > +                std::mem::transmute([Block::new(); 4]);
  > +            Vec::from_raw_parts(
  > +                vec.as_ptr() as *mut u8,
  > +                vec.len() * BLOCK_SIZE,
  > +                vec.capacity() * BLOCK_SIZE,
  > +            )
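Review bot: the `Vec::from_raw_parts` call at the end of this hunk reinterprets a `Block` allocation as a `Vec<u8>`, and the compile-time check above it (`let _: [u8; 4 * BLOCK_SIZE] = std::mem::transmute([Block::new(); 4]);`) only proves that the sizes match, not that the alignments do. `from_raw_parts` requires the pointer to have been allocated with the same layout (size and alignment) that `Vec<u8>` will later pass to `dealloc`; if `Block` has an alignment greater than 1, dropping the returned `Vec<u8>` deallocates with the wrong layout, which is undefined behaviour regardless of padding. A borrowed view (`as_bytes(&self) -> &[u8]` built with `slice::from_raw_parts` over `vec.as_ptr() as *const u8` and `vec.len() * BLOCK_SIZE`) avoids transferring ownership of the allocation and sidesteps the issue; if an owned buffer is needed, copy into a fresh `Vec<u8>` or keep ownership as `Vec<Block>` and expose bytes on demand. Minor: the comment says "Prevent running `v`'s destructor" but the binding is named `vec`, and `readonly` from `into_readonly_and_added()` is not used anywhere in the visible lines.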
  
  Appears that this is unsafe. The doc states that the source type must have the
  exact same alignment as `Vec<u8>` probably because the allocator may use
  separate bucket per alignment.
  
  https://doc.rust-lang.org/std/vec/struct.Vec.html#method.from_raw_parts
  
  "It's also not safe to build one from a Vec<u16> and its length, because the
  allocator cares about the alignment, and these two types have different
  alignments."
  
  Can't we instead implement `as_bytes() -> &[u8]`?

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D7796/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D7796

To: gracinet, #hg-reviewers, kevincox, durin42
Cc: yuja, Alphare, marmoute, durin42, kevincox, mercurial-devel
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel