From d45672b82123a69bb903ced2a56b455d4858f067 Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg
Date: Wed, 2 Sep 2020 19:19:58 +0200
Subject: [PATCH] Get rid of `ThreadRng::rng`

This method must be used correctly to avoid undefined behavior. Therefore, it should be `unsafe`. Instead, we just inline it and add a comment why the code is safe.
---
 src/rngs/thread.rs | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/rngs/thread.rs b/src/rngs/thread.rs
index c0e4726afad..552851f1ec3 100644
--- a/src/rngs/thread.rs
+++ b/src/rngs/thread.rs
@@ -95,30 +95,35 @@ impl Default for ThreadRng {
 }
 }

-impl ThreadRng {
- #[inline(always)]
- fn rng(&mut self) -> &mut ReseedingRng {
- unsafe { &mut *self.rng.get() }
- }
-}
-
 impl RngCore for ThreadRng {
 #[inline(always)]
 fn next_u32(&mut self) -> u32 {
- self.rng().next_u32()
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.next_u32()
 }

 #[inline(always)]
 fn next_u64(&mut self) -> u64 {
- self.rng().next_u64()
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.next_u64()
 }

 fn fill_bytes(&mut self, dest: &mut [u8]) {
- self.rng().fill_bytes(dest)
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.fill_bytes(dest)
 }

 fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
- self.rng().try_fill_bytes(dest)
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.try_fill_bytes(dest)
 }
 }
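Review bot: The `// SAFETY:` comment repeated in `next_u32`, `next_u64`, `fill_bytes` and `try_fill_bytes` states an obligation ("we must make sure…") rather than the reason the dereference is sound, so a later edit to any of these bodies has nothing concrete to check itself against. The `&mut self` receiver does not by itself prove exclusivity if several `ThreadRng` handles can refer to the same cell; the `self.rng.get()` call suggests shared interior-mutable state, but the struct definition is outside this hunk. The argument therefore has to rest on the reference being a local that never escapes the call, and on the handle staying on one thread. I would word it along the lines of `// SAFETY: the reference is a local that never leaves this call, the handle cannot move to another thread, and the inner generator never calls back into the thread-local RNG, so no second &mut can exist while this one is live.` The no-re-entrancy part should be confirmed against the reseeding path, which is not visible here, because aliasing in the state of a generator used for key material is worth ruling out explicitly.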