The ComPtr API is unsound. #5813
Labels: api: dx12, platform: windows, type: bug
Description
The ComPtr API lets you dereference a null pointer in safe code.
Repro steps
`ComPtr::null` function.
A.2 Clone your new pointer.
A.3 Look on in horror as `as_unknown` dereferences a null pointer.
B.2 Be a bit careless and let Rust autoderef your pointer under your nose.
B.3 Watch as your pointer `Deref` impl executes a rapid unplanned program exit.
Possible solutions
The simplest solution would be twofold. The clone impl should only call `AddRef` when the pointer isn't null. The deref impl should be replaced by a deref function that's either safe and returns an `Option<&T>` or is unsafe and returns a `&T`.
I'm also attempting a solution where `ComPtr` is turned into a basic wrapper over a `*mut` ptr and a new type is introduced that always contains a valid (non-null and pointing to a valid allocation) pointer to an Interface. The problem is it touches a lot of code and I'm not very familiar with this repo.
Platform
Windows
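The first proposed fix (null-checked `clone`, and an `Option<&T>` accessor in place of `Deref`), sketched as an added example that is not part of the original issue or the project's code. `Interface`, `Mock`, `from_raw`, `as_ref` and `demo` are hypothetical names, and a mock reference-counted object stands in for a real COM interface:

```rust
use std::cell::Cell;

// Hypothetical stand-in for a COM interface with intrusive reference counting.
trait Interface {
    unsafe fn add_ref(this: *mut Self);
    unsafe fn release(this: *mut Self);
}

struct Mock { refs: Cell<u32> }

impl Interface for Mock {
    unsafe fn add_ref(this: *mut Self) { (*this).refs.set((*this).refs.get() + 1); }
    unsafe fn release(this: *mut Self) {
        let n = (*this).refs.get() - 1;
        (*this).refs.set(n);
        // Last reference gone: free the allocation made by Box::into_raw.
        if n == 0 { drop(Box::from_raw(this)); }
    }
}

// Raw-pointer wrapper that is allowed to be null, as in the issue.
struct ComPtr<T: Interface>(*mut T);

impl<T: Interface> ComPtr<T> {
    fn null() -> Self { ComPtr(std::ptr::null_mut()) }
    // Safety: `raw` must be null or own one reference to a live object.
    unsafe fn from_raw(raw: *mut T) -> Self { ComPtr(raw) }
    // Replaces `Deref`: a null pointer yields `None` instead of a `&T`.
    fn as_ref(&self) -> Option<&T> { unsafe { self.0.as_ref() } }
}

impl<T: Interface> Clone for ComPtr<T> {
    fn clone(&self) -> Self {
        // Only touch the refcount when there is an object to count.
        if !self.0.is_null() { unsafe { T::add_ref(self.0) } }
        ComPtr(self.0)
    }
}

impl<T: Interface> Drop for ComPtr<T> {
    fn drop(&mut self) { if !self.0.is_null() { unsafe { T::release(self.0) } } }
}

// Returns (cloned null pointer reads as None, refcount seen through a live clone).
fn demo() -> (bool, u32) {
    let null_clone = ComPtr::<Mock>::null().clone();
    let raw = Box::into_raw(Box::new(Mock { refs: Cell::new(1) }));
    let live = unsafe { ComPtr::from_raw(raw) };
    let copy = live.clone();
    (null_clone.as_ref().is_none(), copy.as_ref().map_or(0, |m| m.refs.get()))
}

fn main() { println!("{:?}", demo()); }
```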