UB for borrowed type containing interior mutability

[dtolnay]

Filing to track @jDomantas's report in https://www.reddit.com/r/rust/comments/m42fjx/safetouse_procmacrofree_selfreferential_structs/gqt6jkm/.

The signature of get_or_init_dependent improperly permits the caller to pick an arbitrarily short lifetime 'a, and then put a reference that is only live for 'a into Dependent. Then it's possible for them to later pick a longer lifetime 'b and get a Dependent<'b> back out, leading to Use After Free or other undefined behavior in safe code.

use once_self_cell::sync_once_self_cell;
use std::cell::Cell;

struct Owner(Cell<&'static str>);

struct Borrowed<'a>(Cell<&'a str>);

impl<'a> From<&'a Owner> for Borrowed<'a> {
    fn from(owner: &'a Owner) -> Borrowed<'a> {
        let r = owner.0.get();
        Borrowed(Cell::new(r))
    }
}

sync_once_self_cell!(
    SelfRef,
    Owner,
    Borrowed<'_>,
);

fn do_evil(cell: &SelfRef) {
    let str = String::from("short lived");
    let dep = cell.get_or_init_dependent();
    dep.0.set(&str);
}

fn main() {
    let cell = SelfRef::new(Owner(Cell::new("static string")));
    do_evil(&cell);
    let dep = cell.get_or_init_dependent();
    println!("string: {:?}", dep.0.get());
}

[Voultapher]

See this comment chain for more background and discussion of different approaches https://www.reddit.com/r/rust/comments/m42fjx/safetouse_procmacrofree_selfreferential_structs/gqxvk7r/?context=10000

I'll fix it once I find the time.

[Voultapher]

This gets addressed by #7, the relevant place are:

• https://github.com/Voultapher/once_self_cell/pull/7/files#diff-b1a35a68f14e696205874893c07fd24fdb88882b47c23cc0e0c80a30c7d53759R228
• https://github.com/Voultapher/once_self_cell/pull/7/files#diff-83383586981657b45e01cb93536cb01924ff72508d8605bc108c3df989cade15
• https://github.com/Voultapher/once_self_cell/pull/7/files#diff-b1a35a68f14e696205874893c07fd24fdb88882b47c23cc0e0c80a30c7d53759R334