make_cat_object / make_planet / make_ephem_object leave object.orbit uninitialized #328

Description

@activexray

make_object deliberately does a partial memset (offsetof(object, orbit)) for ABI compatibility with pre-v1.2 callers. This is documented at the function itself, but the v1.1+ wrappers that delegate to it (make_cat_object, make_planet, make_ephem_object) don't surface that caveat to their callers. The result: their output object has an uninitialized orbit substructure for non-orbital types, even though the rest of the struct is zeroed.

For C consumers who never read obj.orbit on a non-orbital object, this is benign. For downstream language binders that treat the object struct as a plain-old data value (Rust, Zig, anything with derive-able introspection), it's a silent UB hazard: reading the union-typed sub-fields (novas_planet, novas_reference_plane, novas_reference_system) of an uninitialized orbit.system triggers undefined behavior because the bytes may not correspond to any defined enum discriminant.

I'd suggest a bit of docs surfacing the caveat at each affected wrapper.

Once we move to v2 and you don't need ABI compat, we can fix this, of course.
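
The partial-clear pattern described in this issue, and a caller-side mitigation (zeroing the whole struct before calling the wrapper), shown as an added example that is not code from the project. All `demo_*` types and functions are hypothetical stand-ins, not the library's definitions, and the 0xA5 fill is a constructed substitute for stale stack contents.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the library's definitions. */
enum demo_plane { DEMO_ECLIPTIC = 0, DEMO_EQUATORIAL = 1 };
enum demo_system { DEMO_SYS_A = 0, DEMO_SYS_B = 1 };

typedef struct { enum demo_plane plane; enum demo_system sys; double a; } demo_orbit;

typedef struct {
  int type;
  long number;
  char name[16];
  demo_orbit orbit;            /* trailing member added in a later version */
} demo_object;

/* Same pattern as the issue describes: clear only the bytes before 'orbit'. */
static void demo_make_object(int type, long number, const char *name, demo_object *obj) {
  memset(obj, 0, offsetof(demo_object, orbit));
  obj->type = type;
  obj->number = number;
  strncpy(obj->name, name, sizeof(obj->name) - 1);
}

/* Count non-zero bytes in 'orbit'. Inspecting through unsigned char is
 * well-defined, unlike reading the enum members of stale storage. */
static size_t demo_orbit_stale_bytes(const demo_object *obj) {
  const unsigned char *p = (const unsigned char *) &obj->orbit;
  size_t n = 0;
  for (size_t i = 0; i < sizeof(obj->orbit); i++) n += (p[i] != 0);
  return n;
}

/* Build an object in storage pre-filled with 0xA5 (constructed stand-in for
 * stack garbage). zero_first != 0 applies the caller-side mitigation. */
static size_t demo_build_and_check(int zero_first) {
  demo_object obj;
  memset(&obj, 0xA5, sizeof(obj));
  if (zero_first) memset(&obj, 0, sizeof(obj));
  demo_make_object(1, 3, "Earth", &obj);
  return demo_orbit_stale_bytes(&obj);
}

int main(void) {
  printf("stale orbit bytes, wrapper only:      %zu\n", demo_build_and_check(0));
  printf("stale orbit bytes, zeroed by caller:  %zu\n", demo_build_and_check(1));
  return 0;
}
```

A language binding can apply the same mitigation by handing the wrapper zero-initialized storage, so that every enum-typed field in the trailing member holds a defined discriminant before the struct is treated as a value.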

Labels: documentation (Improvements or additions to documentation)