fix: improve ffi safety

cgo/proofs.go

@@ -169,13 +169,13 @@ func GenerateWinningPoSt(randomness *ByteArray32, replicas SliceRefPrivateReplic
 func GenerateWindowPoSt(randomness *ByteArray32, replicas SliceRefPrivateReplicaInfo, proverId *ByteArray32) ([]PoStProofGo, []uint64, error) {
 	resp := C.generate_window_post(randomness, replicas, proverId)
 	defer resp.destroy()
-	faults := resp.value.faulty_sectors.copy()
-
 	if err := CheckErr(resp); err != nil {
+		faults := resp.value.faulty_sectors.copy()
 		return nil, faults, err
 	}
+
 	proofs := resp.value.proofs.copy()
-	return proofs, faults, nil
+	return proofs, []uint64{}, nil
 }
 
 func GetGpuDevices() ([]string, error) {

proofs.go

@@ -586,17 +586,17 @@ func GenerateWindowPoSt(
 
 	randomnessBytes := cgo.AsByteArray32(randomness)
 	proofsRaw, faultsRaw, err := cgo.GenerateWindowPoSt(&randomnessBytes, cgo.AsSliceRefPrivateReplicaInfo(filReplicas), &proverID)
-	faultySectors := fromFilPoStFaultySectors(faultsRaw)
 	if err != nil {
+		faultySectors := fromFilPoStFaultySectors(faultsRaw)
 		return nil, faultySectors, err
 	}
 
 	proofs, err := fromFilPoStProofs(proofsRaw)
 	if err != nil {
-		return nil, faultySectors, err
+		return nil, nil, err
 	}
 
-	return proofs, faultySectors, nil
+	return proofs, nil, nil
 }
 
 // GetGPUDevices produces a slice of strings, each representing the name of a
@@ -796,7 +796,7 @@ func toFilPrivateReplicaInfos(src []PrivateSectorInfo, typ string) ([]cgo.Privat
 func fromFilPoStFaultySectors(ptr []uint64) []abi.SectorNumber {
 	snums := make([]abi.SectorNumber, len(ptr))
 	for i := range ptr {
-		snums = append(snums, abi.SectorNumber(ptr[i]))
+		snums[i] = abi.SectorNumber(ptr[i])
 	}
 
 	return snums

rust/src/util/api.rs

@@ -5,7 +5,9 @@ use std::sync::Once;
 use anyhow::anyhow;
 use safer_ffi::prelude::*;
 
-use super::types::{catch_panic_response, GpuDeviceResponse, InitLogFdResponse};
+use super::types::{
+    catch_panic_response, catch_panic_response_no_log, GpuDeviceResponse, InitLogFdResponse,
+};
 
 /// Protects the init off the logger.
 static LOG_INIT: Once = Once::new();
@@ -53,7 +55,7 @@ pub fn get_gpu_devices() -> repr_c::Box<GpuDeviceResponse> {
 /// be initializes implicitely and log to stderr.
 #[ffi_export]
 pub fn init_log_fd(log_fd: libc::c_int) -> repr_c::Box<InitLogFdResponse> {
-    catch_panic_response("init_log_fd", || {
+    catch_panic_response_no_log(|| {
         let file = unsafe { File::from_raw_fd(log_fd) };
 
         if init_log_with_file(file).is_none() {

rust/src/util/types.rs

@@ -160,18 +160,20 @@ where
     })
 }
 
-pub fn catch_panic_response_raw<F, T>(name: &str, callback: F) -> repr_c::Box<Result<T>>
+pub fn catch_panic_response_no_log<F, T>(callback: F) -> repr_c::Box<Result<T>>
+where
+    T: Sized + Default,
+    F: FnOnce() -> anyhow::Result<T> + std::panic::UnwindSafe,
+{
+    catch_panic_response_raw_no_log(|| Result::from(callback().map_err(|err| err.to_string())))
+}
+
+pub fn catch_panic_response_raw_no_log<F, T>(callback: F) -> repr_c::Box<Result<T>>
 where
     T: Sized + Default,
     F: FnOnce() -> Result<T> + std::panic::UnwindSafe,
 {
-    let result = match panic::catch_unwind(|| {
-        init_log();
-        log::info!("{}: start", name);
-        let res = callback();
-        log::info!("{}: end", name);
-        res
-    }) {
+    let result = match panic::catch_unwind(callback) {
         Ok(t) => t,
         Err(panic) => {
             let error_msg = match panic.downcast_ref::<&'static str>() {
@@ -186,6 +188,20 @@ where
     repr_c::Box::new(result)
 }
 
+pub fn catch_panic_response_raw<F, T>(name: &str, callback: F) -> repr_c::Box<Result<T>>
+where
+    T: Sized + Default,
+    F: FnOnce() -> Result<T> + std::panic::UnwindSafe,
+{
+    catch_panic_response_raw_no_log(|| {
+        init_log();
+        log::info!("{}: start", name);
+        let res = callback();
+        log::info!("{}: end", name);
+        res
+    })
+}
+
 pub unsafe fn catch_panic_response_no_default<F, T>(
     name: &str,
     callback: F,