{
"$type": "site.standard.document",
"path": "/t/ffi-proof-slice-from-raw-parts/23971#post_8",
"publishedAt": "2026-02-05T02:04:56.000Z",
"site": "https://internals.rust-lang.org",
"tags": [],
"textContent": "I know there are plenty of failure modes it can't check for, but it could check as much as a diligent, slightly paranoid programmer can check for, while having an API that is nicer to use than the status quo with the bare-minimum `!is_null` check.\n\nI don't think of prevention of deliberate attacks as the primary goal. Mainly it's about making regular error checking (that returns `Result` or `Option`) more convenient and harder to forget or cut corners on in typical cases, hopefully raising the baseline across the ecosystem. The ability to catch the less common problems like misaligned pointers and -1 lengths that authors usually don't bother to check for is a bonus. And the fact that the checks can also catch a subset of other issues like ABI mismatch or _some_ exploits[1] is a cherry on top.\n\n* * *\n\n 1. Attackers may not be able to overflow lengths exactly, e.g. when type confusion puts a pointer where a length was expected, or where lengths have upper limits but the application used max-min without enforcing max>min.\n",
"title": "FFI-proof slice::from_raw_parts"
}