Do StdoutLock and similar have the same problem as JoinGuard?


A while back, std::thread::scoped and its helper type std::thread::JoinGuard ran into a soundness issue because Rust allows safe code to leak memory and not call its Drop destructor (via std::mem::forget or reference cycles). As a result, the design of std::thread::scoped ended up getting reworked (and moved to an external library) to not rely on destructors.

Reading the standard library, I came across Stdout::lock, which returns a StdoutLock. The description of Stdout::lock says “The lock is released when the returned lock goes out of scope.”, which raised red flags in my mind. Does this have the same problem as JoinGuard? If you leak a StdoutLock, will that cause stdout to remain permanently locked and unusable?

(At least it fails closed, rather than potentially causing a use-after-free or similar as JoinGuard did, but this still seems like a problem.)



It’s similar but not the same. However, deadlocks are safe. JoinGuard was a problem because it allowed use-after-free (and mutable aliasing).


closed #3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.