Two soundness violations exist in the Rust bindings for MetaCall:

Null-pointer dereference: MetaCallFuture::new raw() accepts a raw pointer without validation. The Debug impl calls Box::from raw(self.data) on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing undefined behavior.

Double-free: MetaCallPointer::clone() shares the same rust value raw pointer between the clone and the original. Calling get value untyped() on both clones calls Box::from raw on the same pointer twice, resulting in a double-free.

Both issues can be triggered through safe public APIs — MetaCallFuture::new raw(), MetaCallPointer::new(), clone(), and get value untyped() — with no unsafe required from the caller.