A while back, std::thread::scoped and its helper type std::thread::JoinGuard ran into a soundness issue because Rust allows safe code to leak memory and not call its Drop destructor (via std::mem::forget or reference cycles). As a result, the design of std::thread::scoped ended up getting reworked (and moved to an external library) to not rely on destructors.
Reading the standard library, I came across Stdout::lock, which returns a StdoutLock. The description of Stdout::lock says “The lock is released when the returned lock goes out of scope.”, which raised red flags in my mind. Does this have the same problem as JoinGuard? If you leak a StdoutLock, will that cause stdout to remain permanently locked and unusable?
(At least it fails closed, rather than potentially causing a use-after-free or similar as JoinGuard did, but this still seems like a problem.)
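
The guard-leak behaviour asked about above, as an added example that is not part of the original post and not standard-library code. It assumes std::sync::Mutex as a stand-in for the lock behind a guard type, so the lock state can be checked with try_lock instead of blocking a thread; the function names are hypothetical.

```rust
use std::mem;
use std::sync::{Mutex, TryLockError};

/// Returns true if `m` is currently held (try_lock reports WouldBlock).
/// If try_lock succeeds, the temporary guard is dropped again immediately.
fn is_locked<T>(m: &Mutex<T>) -> bool {
    let held = matches!(m.try_lock(), Err(TryLockError::WouldBlock));
    held
}

/// Normal use: the guard goes out of scope, Drop runs, the lock is released.
fn locked_after_drop() -> bool {
    let m = Mutex::new(0u32);
    {
        let mut guard = m.lock().unwrap();
        *guard += 1;
    } // guard dropped here, which unlocks `m`
    is_locked(&m)
}

/// Leak the guard with safe code: Drop never runs, so nothing unlocks `m`.
/// No `unsafe` is needed, and no memory is accessed incorrectly afterwards;
/// the only effect is that the lock stays held.
fn locked_after_forget() -> bool {
    let m = Mutex::new(0u32);
    let guard = m.lock().unwrap();
    mem::forget(guard);
    is_locked(&m)
}

fn main() {
    println!("locked after drop:   {}", locked_after_drop());
    println!("locked after forget: {}", locked_after_forget());
}
```

The contrast with JoinGuard is that the leaked guard here only withholds access: a skipped destructor leaves the data unreachable through the lock rather than reachable after it has been freed.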