Ensure DeviceLostClosureC callbacks have null-terminated message strings. (#4744)

2024-11-22 06:44:14 +00:00 · 2023-11-22 00:00:28 -08:00 · 2023-11-22 00:00:28 -08:00 · 877dd5b26c
commit 877dd5b26c
parent 30d67a329a
1 changed files with 4 additions and 8 deletions
--- a/wgpu-core/src/device/mod.rs
+++ b/wgpu-core/src/device/mod.rs
@ -273,19 +273,15 @@ impl DeviceLostClosure {
        }
    }

-    #[allow(trivial_casts)]
    pub(crate) fn call(self, reason: DeviceLostReason, message: String) {
        match self.inner {
            DeviceLostClosureInner::Rust { callback } => callback(reason, message),
            // SAFETY: the contract of the call to from_c says that this unsafe is sound.
            DeviceLostClosureInner::C { inner } => unsafe {
-                // We need to pass message as a c_char typed pointer. To avoid trivial
-                // conversion warnings on some platforms, we use the allow lint.
-                (inner.callback)(
-                    inner.user_data,
-                    reason as u8,
-                    message.as_ptr() as *const c_char,
-                )
+                // Ensure message is structured as a null-terminated C string. It only
+                // needs to live as long as the callback invocation.
+                let message = std::ffi::CString::new(message).unwrap();
+                (inner.callback)(inner.user_data, reason as u8, message.as_ptr())
            },
        }
    }