rust-windowing/glutin

Check the raw window handles for null values before using them

notgull opened this issue · 4 comments

It is perfectly valid for the RawWindowHandle type to contain null or zero values. In some cases this crate doesn't check and assumes that the values are valid.

That's the reason the functions are unsafe, so you ensure such guarantees yourself. However, optional fields are being checked; see x11_visual: we don't use zeros from it and simply ignore them.

Adding null pointer checks won't solve the issues though, since the pointer could still be arbitrary unless we pass the safe API or &HasRawWindowHandle, so we can get, meaning that we at least ensure validity of the pointer.

With raw_window_handle, it is perfectly valid to return the result of the empty() function. This means that, for instance, a pointer can be null and the window handle is still technically "valid". It is the onus of the consumer library to validate that pointers are either null (in their default state) or defined.

The pointer could point into arbitrary locations though, so the real fix could be to accept a type implementing the trait? We could still check for null just in case.

Ah, I missed the fact that RawWindowHandle itself is passed in, not impl HasRawWindowHandle. It's still probably good practice.
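Added example, not part of the thread and not glutin's or raw_window_handle's code: one way a consumer could reject the empty (null/zero) state before use, while treating a zero visual ID as "not provided". `RawXlibLike`, `CheckedXlib`, `HandleError` and `check` are hypothetical names; the struct is a constructed stand-in for an Xlib-style handle, not the crate's real type.

```rust
use std::ffi::c_void;
use std::os::raw::c_ulong;
use std::ptr::{self, NonNull};

/// Constructed stand-in for an Xlib-style raw handle (assumption, not the real crate type).
#[derive(Clone, Copy)]
pub struct RawXlibLike {
    pub display: *mut c_void,
    pub window: c_ulong,
    pub visual_id: c_ulong,
}

impl RawXlibLike {
    /// The "empty" state discussed in the thread: every field null or zero.
    pub fn empty() -> Self {
        Self { display: ptr::null_mut(), window: 0, visual_id: 0 }
    }
}

#[derive(Debug, PartialEq)]
pub enum HandleError {
    NullDisplay,
    ZeroWindow,
}

/// Handle whose required fields are known to be non-null / non-zero.
#[derive(Debug, PartialEq)]
pub struct CheckedXlib {
    pub display: NonNull<c_void>,
    pub window: c_ulong,
    pub visual_id: Option<c_ulong>, // zero means "not provided", so it is dropped
}

/// Rejects the empty state. This does NOT prove the pointer is dereferenceable:
/// a non-null pointer can still be arbitrary, so the caller's unsafe contract remains.
pub fn check(raw: RawXlibLike) -> Result<CheckedXlib, HandleError> {
    let display = NonNull::new(raw.display).ok_or(HandleError::NullDisplay)?;
    if raw.window == 0 {
        return Err(HandleError::ZeroWindow);
    }
    let visual_id = if raw.visual_id == 0 { None } else { Some(raw.visual_id) };
    Ok(CheckedXlib { display, window: raw.window, visual_id })
}

fn main() {
    println!("{:?}", check(RawXlibLike::empty()));
}
```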