unix process: pre_exec: Discuss panic safety

author Ian Jackson <ijackson@chiark.greenend.org.uk>

Sun, 7 Feb 2021 13:41:49 +0000 (13:41 +0000)

committer Ian Jackson <ijackson@chiark.greenend.org.uk>

Fri, 7 May 2021 10:17:44 +0000 (11:17 +0100)
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Sun, 7 Feb 2021 13:41:49 +0000 (13:41 +0000)
committer Ian Jackson <ijackson@chiark.greenend.org.uk>
Fri, 7 May 2021 10:17:44 +0000 (11:17 +0100)
diff --git a/library/std/src/os/unix/process.rs b/library/std/src/os/unix/process.rs

index 355855bcd10e203d6921f3560833bc3270fa4513..f014a3d7b253995aa36cc7aa551b5cdc14c30993 100644 (file)
--- a/library/std/src/os/unix/process.rs
+++ b/library/std/src/os/unix/process.rs
@@ -75,6 +75,12 @@ fn groups(
      /// sure that the closure does not violate library invariants by making
      /// invalid use of these duplicates.
      ///
+    /// Panicking in the closure is safe only if all the format arguments for the
+    /// panic message can be safely formatted; this is because although
+    /// `Command` calls [`std::panic::always_abort`](crate::panic::always_abort)
+    /// before calling the pre_exec hook, panic will still try to format the
+    /// panic message.
+    ///
      /// When this closure is run, aspects such as the stdio file descriptors and
      /// working directory have successfully been changed, so output to these
      /// locations may not appear where intended.
author	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Sun, 7 Feb 2021 13:41:49 +0000 (13:41 +0000)
committer	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Fri, 7 May 2021 10:17:44 +0000 (11:17 +0100)