unsafe {
// Mustn't call alloc with size 0.
let ptr = if size > 0 {
- super::alloc(size, T::align_of()).expect("User memory allocation failed") as _
+ rtunwrap!(Ok, super::alloc(size, T::align_of())) as _
} else {
T::align_of() as _ // dangling pointer ok for size 0
};
- User(NonNull::new_userref(T::from_raw_sized(ptr, size)))
+ if let Ok(v) = crate::panic::catch_unwind(|| T::from_raw_sized(ptr, size)) {
+ User(NonNull::new_userref(v))
+ } else {
+ rtabort!("Got invalid pointer from alloc() usercall")
+ }
}
}
}
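Review bot: The `catch_unwind` around `T::from_raw_sized(ptr, size)` reports every panic from that call as "Got invalid pointer from alloc() usercall", including the `size == 0` branch where `ptr` is the dangling `T::align_of()` value and no usercall was made. `from_raw_sized` is defined outside this hunk, so it is worth confirming that it can panic only on pointer validation and not, for example, on a `size` that does not match `T`; otherwise a caller bug would be reported as a bad usercall result. A comment above the `if let` would record why this path aborts, e.g. `// ptr comes from the alloc() usercall: abort instead of unwinding if it fails validation`. The enclosing function starts before the hunk, so the origin of `size` is not visible here.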
/// Returns an iterator over the slice.
- pub fn iter(&self) -> Iter<T>
+ pub fn iter(&self) -> Iter<'_, T>
where T: UserSafe // FIXME: should be implied by [T]: UserSafe?
{
unsafe {
}
/// Returns an iterator that allows modifying each value.
- pub fn iter_mut(&mut self) -> IterMut<T>
+ pub fn iter_mut(&mut self) -> IterMut<'_, T>
where T: UserSafe // FIXME: should be implied by [T]: UserSafe?
{
unsafe {