Remove safety check on strong_count < 1. (#32)

jsha · web-flow · commit eddcb096bced · 2021-02-02T16:08:48.000-08:00
Previously, we tried to check against the possibility that C code calls rustls_client_config_free twice. We did this by doing `Arc::from_raw`, then checking if strong_count is < 1. However, this was undefined behavior: deferencing a dangling pointer. https://doc.rust-lang.org/reference/behavior-considered-undefined.html If strong_count went to zero on some previous call, `Arc` would have dropped its contents. That means the pointed-to memory is no longer valid to access, and its contents are undefined. So we might see strong_count of 1,000,000, or -1,000,000, or any other value; or monkeys could fly out of our noses. The C caller can still invoke undefined behavior by calling `rustls_client_config_free` twice, but the previous change tried to detect undefined behavior by invoking undefined behavior, which doesn't work.
diff --git a/src/client.rs b/src/client.rs
@@ -135,18 +135,10 @@ pub extern "C" fn rustls_client_config_builder_load_roots_from_file(
 pub extern "C" fn rustls_client_config_free(config: *const rustls_client_config) {
     ffi_panic_boundary_unit! {
         let config: &ClientConfig = try_ref_from_ptr!(config, &mut ClientConfig, ());
-        // To free the client_config, we reconstruct the Arc. It should have a refcount of 1,
-        // representing the C code's copy. When it drops, that refcount will go down to 0
-        // and the inner ClientConfig will be dropped.
-        let arc: Arc<ClientConfig> = unsafe { Arc::from_raw(config) };
-        let strong_count = Arc::strong_count(&arc);
-        if strong_count < 1 {
-            eprintln!(
-                "rustls_client_config_free: invariant failed: arc.strong_count was < 1: {}. \
-                You must not free the same client_config multiple times.",
-                strong_count
-            );
-        }
+        // To free the client_config, we reconstruct the Arc and then drop it. It should
+        // have a refcount of 1, representing the C code's copy. When it drops, that
+        // refcount will go down to 0 and the inner ClientConfig will be dropped.
+        unsafe { drop(Arc::from_raw(config)) };
     }
 }
 
