`heap_size_of` should be unsafe

[bluss]

It draws attention directly by being marked safe but using a raw pointer argument.

It seems trivial to segfault using this function in safe rust, just give it a pointer to something not allocated, or a dangling pointer.

Tested using heapsize 0.1.0

heapsize::heap_size_of(2 as *const _);

[jdm]

This is true!

[nnethercote]

Is 2 as *const _ itself not unsafe?

[SimonSapin]

No, only dereferencing it is.

[Manishearth]

Opening a vortex to Hell is actually safe, but de-referencing anything you pull from the vortex isn't safe.

[bluss]

let v = vec![0; N]; v[1..].as_ptr() would have the same problem (pointer not from jemalloc). Creating raw pointers being unsafe or not, the precondition is that the passed in pointer must have been returned from jemalloc, and that is not checkable by the type system.

[bluss]

cool 🍹