
Double free in mir will violate exception safety in this crate.

Open cchanging opened this issue 5 years ago • 2 comments

We detected several double free bugs in your crate via static analysis. Double free will appear when these functions unwind, mainly caused by Vec::from_raw_parts & mem::forget. In Rust MIR, inserting code between Vec::from_raw_parts & mem::forget will violate exception safety, because when this code unwinds, the Vec generated will be dropped as well as the entity which ptr pointed to.

https://github.com/kmurf1999/rust_poker/blob/dde0072f77cb38c5aa66f93f142552a974e29210/read_write/src/lib.rs#L29

cchanging avatar Jan 12 '21 03:01 cchanging

Any idea on how I can resolve these issues? I'm using that bit of code to transform data into byte vectors and write them to a file as binary.

kmurf1999 avatar Jan 26 '21 17:01 kmurf1999

> Any idea on how I can resolve these issues? I'm using that bit of code to transform data into byte vectors and write them to a file as binary.

I think using ManuallyDrop is probably more applicable than mem::forget, and it won't have this problem with ManuallyDrop. Like let mut converted = mem::ManuallyDrop::new(Vec::<u8>::from_raw_parts(buffer.as_mut_ptr() as *mut u8, length * size_of::<T>(), capacity * size_of::<T>())); which does without forget.

cchanging avatar Jan 27 '21 04:01 cchanging
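
An added example, not code from rust_poker or from either commenter: instead of the owning Vec<u8> alias discussed above, it borrows the buffer as a &[u8] view, so no second owner of the allocation exists if the write in between unwinds. The `Plain` trait, `PanickingSink`, and the function names are hypothetical, and the sample values are constructed.

```rust
use std::io::{self, Write};
use std::mem::size_of;
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Hypothetical marker: types with no padding bytes, safe to view as raw bytes.
unsafe trait Plain: Copy {}
unsafe impl Plain for u8 {}
unsafe impl Plain for u32 {}
unsafe impl Plain for u64 {}

/// Borrow `data` as bytes. Nothing here owns the allocation, so a panic in
/// the caller still frees the buffer exactly once (through the original Vec).
fn as_bytes<T: Plain>(data: &[T]) -> &[u8] {
    // SAFETY: pointer and length come from a live slice, u8 has alignment 1,
    // and `Plain` rules out uninitialized padding bytes.
    unsafe { std::slice::from_raw_parts(data.as_ptr() as *const u8, data.len() * size_of::<T>()) }
}

/// Constructed sink that panics on write, standing in for any code that unwinds.
struct PanickingSink;
impl Write for PanickingSink {
    fn write(&mut self, _buf: &[u8]) -> io::Result<usize> { panic!("constructed failure") }
    fn flush(&mut self) -> io::Result<()> { Ok(()) }
}

/// Write the values in native byte order.
fn write_values<T: Plain, W: Write>(data: &[T], sink: &mut W) -> io::Result<()> {
    sink.write_all(as_bytes(data))
}

/// Returns (bytes written to a normal sink, whether the bad sink unwound, buffer afterwards).
fn demo() -> (Vec<u8>, bool, Vec<u32>) {
    let values: Vec<u32> = vec![1, 2, 0x0A0B0C0D]; // constructed sample data
    let mut out = Vec::new();
    write_values(&values, &mut out).unwrap();
    // Unwind through the write path; only the borrow is released on the way out.
    let unwound = catch_unwind(AssertUnwindSafe(|| {
        let _ = write_values(&values, &mut PanickingSink);
    }))
    .is_err();
    (out, unwound, values) // `values` is still valid and is dropped once by the caller
}

fn main() {
    let (bytes, unwound, values) = demo();
    println!("{} bytes written, unwound={}, values={:?}", bytes.len(), unwound, values);
}
```

The bytes are written in native endianness, so a file produced this way is only portable between machines with the same byte order.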