unsafe {
// Mustn't call alloc with size 0.
let ptr = if size > 0 {
- super::alloc(size, T::align_of()).expect("User memory allocation failed") as _
+ rtunwrap!(Ok, super::alloc(size, T::align_of())) as _
} else {
T::align_of() as _ // dangling pointer ok for size 0
};
- User(NonNull::new_userref(T::from_raw_sized(ptr, size)))
+ if let Ok(v) = crate::panic::catch_unwind(|| T::from_raw_sized(ptr, size)) {
+ User(NonNull::new_userref(v))
+ } else {
+ rtabort!("Got invalid pointer from alloc() usercall")
+ }
}
}
#[inline]
fn index(&self, index: I) -> &UserRef<I::Output> {
unsafe {
- UserRef::from_ptr(index.index(&*self.as_raw_ptr()))
+ if let Some(slice) = index.get(&*self.as_raw_ptr()) {
+ UserRef::from_ptr(slice)
+ } else {
+ rtabort!("index out of range for user slice");
+ }
}
}
}
#[inline]
fn index_mut(&mut self, index: I) -> &mut UserRef<I::Output> {
unsafe {
- UserRef::from_mut_ptr(index.index_mut(&mut*self.as_raw_mut_ptr()))
+ if let Some(slice) = index.get_mut(&mut*self.as_raw_mut_ptr()) {
+ UserRef::from_mut_ptr(slice)
+ } else {
+ rtabort!("index out of range for user slice");
+ }
}
}
}
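Review bot: The two new abort arms in `index` and `index_mut` give no reason why an out-of-range index now aborts instead of panicking as the old `index.index(..)` did, so a maintainer cannot tell whether a plain panic would be acceptable; a one-line comment above each `if let`, e.g. `// Abort rather than unwind: an out-of-range index into user memory is treated as unrecoverable (confirm wording against the change's rationale)`, would record it (the impl headers these methods belong to are outside the hunk). Because `rtabort!` diverges, both bodies can drop the `if let`/`else` and read `UserRef::from_ptr(index.get(&*self.as_raw_ptr()).unwrap_or_else(|| rtabort!("index out of range for user slice")))`, with the `get_mut` counterpart in `index_mut`; that also removes the inconsistency of a trailing `;` after `rtabort!` in these two arms but not in the allocation arm above. The new message loses the index and slice length the old panic reported, which makes the abort harder to diagnose from logs; if the impl's `I` is `Debug` (not visible here), including it is cheap. The `catch_unwind` closure in the allocation path captures the raw `ptr`, which is `UnwindSafe` only when `T: RefUnwindSafe`; presumably that holds for every `T` this impl covers, but it is worth confirming since the function's signature is above the hunk.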