Rc is unsafe [mostly on 32-bit targets] due to overflow
The reference counts in RcBox are of type usize, and creating a new Rc increments it with regular addition. In optimized code, where overflow checks are removed, it is possible to overflow this count, allowing a use-after-free. In the old world where values supposedly could not be forgotten (without running the destructor) without actually leaking memory, it would be impossible for this to wrap around: doing so requires 2^X Rcs where X is the pointer width, ergo sizeof(Rc) * 2^X bytes, which o...
![Rc is unsafe [mostly on 32-bit targets] due to overflow](https://us1.discourse-cdn.com/flex002/uploads/rustlang/original/2X/b/b71959a2097ce0b5c3a193ce0a6466a42d4c4952.png)