Skip to content

Potential unsoundness in referencing #851

New issue
New issue
Open
#883
Open
Potential unsoundness in referencing#851
#883
@Manishearth

Description

@Manishearth
Manishearth
opened on Nov 14, 2025

I was unsafe-reviewing the referencing crate and noticed this:

jsonschema/crates/jsonschema-referencing/src/anchors/mod.rs

Lines 29 to 36 in a1ffac5

// SAFETY: The pointer is valid as long as the registry exists
unsafe {
std::str::from_utf8_unchecked(std::slice::from_raw_parts(
self.ptr.load(Ordering::Relaxed),
self.len,
))
}
}

It's very unclear if this invariant is upheld properly: anchors get threaded through a lot of the code and there are no comments anywhere talking about this

Furthermore, self-referential code is notorious in Rust for being hard to get right: even when the conceptual lifetimes are right there are many subtle things around Rust's aliasing model that you can get wrong.

Some alternate routes:

  • Just clone the string
  • Use an existing self-referential crate
  • See if you can make it work with lifetimes. I'm not convinced this is possible.
  • Split out the Anchors map into an AnchorContext type that is not stored within the Registry but instead passed to it, allowing it to reference the registry.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions