[bug] Unsound Sync implementation #14801
Description
Describe the bug
WindowsStore is a public type with an unsafe impl Sync override, even though the inner field is a public RefCell. Rough sketch how to cause UB:
use std::cell::RefCell;
unsafe impl Sync for BadSync {}
struct BadSync(RefCell<()>);
fn main() {
let badsync = BadSync(RefCell::new(()));
let x = &badsync;
std::thread::scope(|s| {
s.spawn(|| loop {
*x.0.borrow_mut() = ();
});
s.spawn(|| loop {
*x.0.borrow_mut() = ();
});
});
}This doesn't crash on my machine, but we can run it as cargo miri run to confirm it is unsound.
This inner RefCell is accessible to any implementer of Plugin
use tao::event::Event;
use tao::event_loop::{ControlFlow, EventLoopProxy, EventLoopWindowTarget};
use tauri_runtime::UserEvent;
use tauri_runtime_wry::EventLoopIterationContext;
use tauri_runtime_wry::Message;
use tauri_runtime_wry::Plugin;
use tauri_runtime_wry::WebContextStore;
use tauri_runtime_wry::WindowsStore;
impl<T: UserEvent> Plugin<T> {
fn on_event(
&mut self,
event: &Event<'_, Message<T>>,
event_loop: &EventLoopWindowTarget<Message<T>>,
proxy: &EventLoopProxy<Message<T>>,
control_flow: &mut ControlFlow,
context: EventLoopIterationContext<'_, T>,
web_context: &WebContextStore,
) -> bool {
let windows: &WindowsStore = &*context.windows;
std::thread::scope(|s| {
s.spawn(|| loop {
*windows.0.borrow_mut() = todo!();
});
s.spawn(|| loop {
*windows.0.borrow_mut() = todo!();
});
});
true
}
}Reproduction
No response
Expected behavior
No response
Full tauri info output
master
Stack trace
Additional context
No response