Add feature type check in lender closing issue #9

Author: jhg

src/error.rs

@@ -16,6 +16,9 @@ pub enum PointerError {
     /// A pointer that was not previously lent to the FFI user.
     #[cfg(all(feature = "std", feature = "lender"))]
     Invalid,
+    /// A pointer previously lent but the type is not the same.
+    #[cfg(all(feature = "std", feature = "lender"))]
+    InvalidType,
     /// Trying to convert to `&str` a C string which content is not valid UTF-8.
     Utf8Error(Utf8Error),
     /// Trying to alloc memory, see [`alloc::collections::TryReserveError`].
@@ -28,6 +31,11 @@ impl core::fmt::Display for PointerError {
         match self {
             Self::Null => write!(f, "dereference a null pointer will produce a crash"),
             Self::Invalid => write!(f, "dereference a unknown pointer could produce a crash"),
+            #[cfg(all(feature = "std", feature = "lender"))]
+            Self::InvalidType => write!(
+                f,
+                "dereference a pointer with a different type could produce errors"
+            ),
             Self::Utf8Error(error) => write!(
                 f,
                 "the provided C string is not a valid UTF-8 string: {error}"
@@ -44,7 +52,7 @@ impl core::fmt::Display for PointerError {
 impl std::error::Error for PointerError {
     fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
         match self {
-            Self::Null | Self::Invalid => None,
+            Self::Null | Self::Invalid | Self::InvalidType => None,
             Self::Utf8Error(error) => Some(error),
             Self::TryReserveError(error) => Some(error),
         }

src/lender.rs

@@ -1,13 +1,14 @@
 #![cfg(all(feature = "std", feature = "lender"))]
 
 use lazy_static::lazy_static;
-use std::collections::HashSet;
+use std::any::TypeId;
+use std::collections::HashMap;
 use std::sync::{RwLock, RwLockWriteGuard};
 
 use crate::error::PointerError;
 
 lazy_static! {
-    static ref LENT_POINTERS: RwLock<HashSet<usize>> = RwLock::new(HashSet::new());
+    static ref LENT_POINTERS: RwLock<HashMap<usize, TypeId>> = RwLock::new(HashMap::new());
 }
 
 /// Check if a pointer was [`lent`](lend).
@@ -17,12 +18,13 @@ lazy_static! {
 /// If the [`RwLock`] used is poisoned, but it only happens if a panic happens
 /// while holding it. And it's specially reviewed and in a small module to
 /// avoid panics while holding it.
-pub(super) fn is_lent<T>(pointer: *const T) -> bool {
+pub(super) fn lent_type_of<T>(pointer: *const T) -> Option<TypeId> {
     let Ok(lent_pointers) = LENT_POINTERS.read() else {
         log::error!("RwLock poisoned, it is not possible to check pointers");
         unreachable!();
     };
-    return lent_pointers.contains(&(pointer as usize));
+
+    lent_pointers.get(&(pointer as usize)).copied()
 }
 
 /// Use only when lend memory as a [`raw`](crate::raw) pointer.
@@ -32,15 +34,16 @@ pub(super) fn is_lent<T>(pointer: *const T) -> bool {
 /// If the [`RwLock`] used is poisoned, but it only happens if a panic happens
 /// while holding it. And it's specially reviewed and in a small module to
 /// avoid panics while holding it.
-pub(super) fn lend<T>(pointer: *const T) -> Result<(), PointerError> {
+pub(super) fn lend<T: 'static>(pointer: *const T) -> Result<(), PointerError> {
     let mut lent_pointers = writable_lent_pointers();
 
     if let Err(error) = lent_pointers.try_reserve(1) {
         log::error!("Can not alloc memory to lent a pointer: {error}");
         return Err(PointerError::from(error));
     }
-    lent_pointers.insert(pointer as usize);
-    return Ok(());
+
+    lent_pointers.insert(pointer as usize, TypeId::of::<T>());
+    Ok(())
 }
 
 /// Use only when [`own_back`](crate::own_back) memory.
@@ -54,7 +57,7 @@ pub(super) fn retrieve<T>(pointer: *const T) {
     writable_lent_pointers().remove(&(pointer as usize));
 }
 
-fn writable_lent_pointers() -> RwLockWriteGuard<'static, HashSet<usize>> {
+fn writable_lent_pointers() -> RwLockWriteGuard<'static, HashMap<usize, TypeId>> {
     let Ok(lent_pointers) = LENT_POINTERS.write() else {
         log::error!("RwLock poisoned, it is not possible to add or remove pointers");
         unreachable!();

src/lib.rs

@@ -32,7 +32,7 @@ mod validation;
 /// If the allocator reports a failure, then an error is returned.
 #[cfg(any(feature = "alloc", feature = "std"))]
 #[inline]
-pub fn raw<T>(data: T) -> Result<*mut T, PointerError> {
+pub fn raw<T: 'static>(data: T) -> Result<*mut T, PointerError> {
     let pointer = Box::into_raw(Box::new(data));
 
     #[cfg(all(feature = "std", feature = "lender"))]
@@ -53,13 +53,16 @@ pub fn raw<T>(data: T) -> Result<*mut T, PointerError> {
 ///
 /// The pointer must be not null as it is an obvious invalid pointer.
 ///
+/// Also, the type must be the same as the original.
+///
 /// # Safety
 ///
 /// Invalid pointer or call it twice could cause an undefined behavior or heap error and a crash.
 #[cfg(any(feature = "alloc", feature = "std"))]
 #[inline]
 #[allow(clippy::not_unsafe_ptr_arg_deref)]
-pub unsafe fn own_back<T>(pointer: *mut T) -> Result<T, PointerError> {
+pub unsafe fn own_back<T: 'static>(pointer: *mut T) -> Result<T, PointerError> {
+    validation::not_null_pointer(pointer)?;
     validation::lent_pointer(pointer)?;
     let boxed = { Box::from_raw(pointer) };
 
@@ -84,7 +87,7 @@ pub unsafe fn object<'a, T>(pointer: *const T) -> Result<&'a T, PointerError> {
     Ok(&*pointer)
 }
 
-/// Mutable reference to a object but without back to own it.
+/// Mutable reference to an object but without back to own it.
 ///
 /// # Errors
 ///

src/validation.rs

@@ -13,14 +13,17 @@ pub fn not_null_pointer<T>(pointer: *const T) -> Result<(), PointerError> {
 }
 
 #[inline]
-pub fn lent_pointer<T>(pointer: *const T) -> Result<(), PointerError> {
-    not_null_pointer(pointer)?;
-
+pub fn lent_pointer<T: 'static>(pointer: *const T) -> Result<(), PointerError> {
     #[cfg(all(feature = "std", feature = "lender"))]
-    if !lender::is_lent(pointer) {
-        log::error!("Using an invalid pointer as an opaque pointer to Rust's data");
-        return Err(PointerError::Invalid);
+    match lender::lent_type_of(pointer) {
+        Some(type_id) if type_id != std::any::TypeId::of::<T>() => {
+            log::error!("Using a pointer with a different type as an opaque pointer to Rust's data");
+            Err(PointerError::InvalidType)
+        }
+        None => {
+            log::error!("Using an invalid pointer as an opaque pointer to Rust's data");
+            Err(PointerError::Invalid)
+        }
+        _ => Ok(()),
     }
-
-    Ok(())
 }

tests/pointer.rs

@@ -1,6 +1,7 @@
 use opaque_pointer;
 use opaque_pointer::error::PointerError;
 
+
 #[derive(Debug)]
 struct TestIt {
     value: u8,
@@ -18,6 +19,7 @@ impl TestIt {
     }
 }
 
+
 #[test]
 fn own_back() {
     let pointer = opaque_pointer::raw(TestIt::new(2)).unwrap();
@@ -36,6 +38,20 @@ fn own_back_invalid_pointer() {
     );
 }
 
+#[cfg(all(feature = "std", feature = "lender"))]
+#[test]
+fn own_back_invalid_type() {
+    let pointer = opaque_pointer::raw(TestIt::new(2)).unwrap() as *mut u8;
+    let error = unsafe { opaque_pointer::own_back(pointer).unwrap_err() };
+    assert_eq!(
+        error,
+        PointerError::InvalidType
+    );
+
+    unsafe { opaque_pointer::own_back(pointer as *mut TestIt).unwrap() };
+}
+
+
 #[test]
 fn immutable_reference() {
     let pointer = opaque_pointer::raw(TestIt::new(2)).unwrap();
@@ -45,6 +61,7 @@ fn immutable_reference() {
     unsafe { opaque_pointer::own_back(pointer).unwrap() };
 }
 
+
 #[test]
 fn mutable_reference() {
     let pointer = opaque_pointer::raw(TestIt::new(2)).unwrap();