LSLaunchURLSpec is defined in src/macos.rs as:

#[repr(C)]
struct LSLaunchURLSpec {
    app_url: CFURLRef,
    item_urls: CFArrayRef,
    pass_thru_params: *const c_void,
    launch_flags: u32,
    async_ref_con: *const c_void,
}

At a glance, you'd think this matches the definition in the C header:

typedef struct LSLaunchURLSpec {
  __nullable CFURLRef appURL;
  __nullable CFArrayRef itemURLs;
  const AEDesc * __nullable passThruParams;
  LSLaunchFlags launchFlags;
  void * __nullable asyncRefCon;
} LSLaunchURLSpec;

However, there's a catch: the header contains #pragma pack(push, 2), see here, which means that the correct definition in Rust should correspondingly use #[repr(C, packed(2))].

Effectively, the difference is that the 4 padding bytes that the compiler otherwise inserts between launchFlags and asyncRefCon shouldn't be there. This is somewhat unlikely to be an issue in practice, since the compiler will likely zero out the padding bytes; but if it decided not to, then LSOpenFromURLSpec would read a bogus asyncRefCon pointer.

Found this as part of fixing madsmtm/objc2#758, and then I remembered that I had seen LSLaunchURLSpec used here too.