fix unsafe .ptr access in Phobos#4426
Conversation
|
|
||
| return retval.ptr; | ||
| auto trustedPtr() @trusted { return retval.ptr; } | ||
| return trustedPtr(); |
There was a problem hiding this comment.
Even though this LGTM, creating a function that can be called any time is more dangerous than an anonymous lambda that is called once:
return (() @trusted => retval.ptr)();And it's shorter code too.
There was a problem hiding this comment.
It's a local function anyhow so the damage is narrowed down.
There was a problem hiding this comment.
I'm not saying it's awful and should cause the PR not to be pulled. What I'm saying is that it seems unnecessarily open for abuse. I could see a refactor at some point somehow open it up to the rest of the function.
It's also more verbose. If we can do better, shouldn't we?
There was a problem hiding this comment.
@ntrel: Isn't this just "escaping" a pointer to a literal (GC-allocated if P is mutable, global data otherwise)?
There was a problem hiding this comment.
global data otherwise
oooh, is that new? I always thought [element] would allocate, even if element is immutable.
|
I'll pull this, the difference between a trusted lambda and a separate function is pretty small, especially in a small block. |
|
Auto-merge toggled on |
5 participants
Necessary for dlang/dmd#5860