When using the cxx crate for FFI and calling an unsafe function that uses plain C pointers from a safe Rust function, does Rust automatically ensure safety, or do I need to manually ensure the safety of these operations to avoid potential errors such as dangling pointers, data races, or invalid memory access?
What does "uses plain C pointers from a safe Rust function" mean?
Obviously, a Rust crate can ensure the safety of Rust code. It doesn't have any way to ensure the safety of arbitrary 3rd-party functions written in another language. For this reason, calling into extern "C" code is, and will always be, unsafe by definition. There's no way around that.
You'll have to manually ensure safety. This is part of the safety contract of using cxx.
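The manual safety contract the replies describe, shown as an added example that is not part of the thread: a safe wrapper that supplies the preconditions of an unsafe, pointer-taking function and re-checks what comes back. `ffi_find_byte` and `find_byte` are hypothetical names, and the foreign function is written in Rust here only so the example runs without a C++ toolchain or the cxx build step.

```rust
use std::{ptr, slice};

/// Stand-in for the foreign function (hypothetical). In a real binding the body
/// is C/C++ that rustc cannot inspect; only this signature is visible to Rust.
///
/// # Safety
/// `ptr` must be valid for reads of `len` initialized bytes for the whole call,
/// and nothing may write to that memory while the call runs.
pub unsafe extern "C" fn ffi_find_byte(p: *const u8, len: usize, needle: u8) -> *const u8 {
    if p.is_null() || len == 0 {
        return ptr::null();
    }
    let bytes = unsafe { slice::from_raw_parts(p, len) };
    match bytes.iter().position(|&b| b == needle) {
        Some(i) => unsafe { p.add(i) },
        None => ptr::null(),
    }
}

/// Safe wrapper: callers never see a raw pointer.
/// The returned reference borrows from `haystack`, so the borrow checker
/// rejects any use of it after the buffer is freed or mutated.
pub fn find_byte<'a>(haystack: &'a [u8], needle: u8) -> Option<&'a u8> {
    // SAFETY: a slice pointer is valid for `haystack.len()` initialized bytes,
    // and the shared borrow keeps the buffer alive and unmodified for the call.
    let hit = unsafe { ffi_find_byte(haystack.as_ptr(), haystack.len(), needle) };
    if hit.is_null() {
        return None;
    }
    // Do not trust the foreign side: turn the pointer back into an offset and
    // let a bounds-checked lookup produce the reference instead of dereferencing.
    let offset = (hit as usize).checked_sub(haystack.as_ptr() as usize)?;
    haystack.get(offset)
}

fn main() {
    let data = b"key=value".to_vec(); // constructed sample input
    let hit = find_byte(&data, b'=');
    println!("separator found: {:?}", hit.map(|b| *b as char));
    // Moving `drop(data)` above the println! would not compile: `hit` borrows `data`.
}
```

The `# Safety` section and the `// SAFETY:` comment are the written form of the contract: the first states what the foreign function requires, the second records why the wrapper's call site meets it.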