unix process: pre_exec: Discuss panic safety

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk> Co-authored-by: Mara Bos <m-ou.se@m-ou.se>
2024-11-23 23:34:48 +00:00 · 2021-02-07 13:41:49 +00:00 · 2021-02-07 13:41:49 +00:00 · 9283cdca36
commit 9283cdca36
parent 820123a949
1 changed files with 6 additions and 0 deletions
--- a/library/std/src/os/unix/process.rs
+++ b/library/std/src/os/unix/process.rs
@ -75,6 +75,12 @@ pub trait CommandExt: Sealed {
    /// sure that the closure does not violate library invariants by making
    /// invalid use of these duplicates.
    ///
+    /// Panicking in the closure is safe only if all the format arguments for the
+    /// panic message can be safely formatted; this is because although
+    /// `Command` calls [`std::panic::always_abort`](crate::panic::always_abort)
+    /// before calling the pre_exec hook, panic will still try to format the
+    /// panic message.
+    ///
    /// When this closure is run, aspects such as the stdio file descriptors and
    /// working directory have successfully been changed, so output to these
    /// locations may not appear where intended.