russcip icon indicating copy to clipboard operation
russcip copied to clipboard

Published 20 hours ago verified publisher icon scipopt

Use after free in Constrint and Variable

Open Andful opened this issue 5 months ago • 1 comments

When inspecting Model and Constraint, I noticed that Model::drop frees every constraint, variable, but Constrain::name and Variable::name assume them not to be freed.

use russcip::prelude::*;

fn main() {
    // Create model
    let mut model = Model::new()
        .hide_output()
        .include_default_plugins()
        .create_prob("test")
        .set_obj_sense(ObjSense::Maximize);

    // Add variables
    let x1 = model.add_var(0., f64::INFINITY, 3., "x1", VarType::Integer);
    
    drop(model);

    println!("{}", x1.name());
}

This causes segmentation fault

Andful avatar Sep 17 '24 12:09 Andful