Rollup merge of #114987 - RalfJung:unsound-mmap, r=cjgillot

elaborate a bit on the (lack of) safety in 'Mmap::map' Sadly none of the callers of this function even consider it worth mentioning in their unsafe block that what they are doing is completely unsound.
rust-lang · Aug 24, 2023 · 832fb9c · 832fb9c
2 parents 58eefc3 + 132a2c6
commit 832fb9c
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/compiler/rustc_data_structures/src/memmap.rs b/compiler/rustc_data_structures/src/memmap.rs
@@ -11,9 +11,14 @@ pub struct Mmap(Vec<u8>);
 
 #[cfg(not(target_arch = "wasm32"))]
 impl Mmap {
+    /// # Safety
+    ///
+    /// The given file must not be mutated (i.e., not written, not truncated, ...) until the mapping is closed.
+    ///
+    /// However in practice most callers do not ensure this, so uses of this function are likely unsound.
     #[inline]
     pub unsafe fn map(file: File) -> io::Result<Self> {
-        // Safety: this is in fact not safe.
+        // Safety: the caller must ensure that this is safe.
         unsafe { memmap2::Mmap::map(&file).map(Mmap) }
     }
 }