
`CGDisplayMode::all_display_modes` segmentation fault

Open ghost opened this issue 6 years ago • 2 comments

Calling this function twice in a row will crash the program. I think the issue is that the implementation is creating a CGDisplayMode by taking a pointer to the display mode returned by CGDisplayCopyAllDisplayModes, but the array is freed when the function returns. I believe there is a double-free happening here. Adding a CGDisplayModeRetain call might solve the issue. I'm confused by the macros that this library uses, so I'm not sure that this is the correct solution, however.

ghost avatar Jun 26 '19 15:06 ghost

```rust
use core_graphics::display::{CGDisplay, CGDisplayMode};

fn main() {
    let display = CGDisplay::main();
    CGDisplayMode::all_display_modes(display.id, std::ptr::null());
    CGDisplayMode::all_display_modes(display.id, std::ptr::null()); // Segmentation fault
}
```

ghost avatar Jun 26 '19 15:06 ghost

According to https://developer.apple.com/documentation/coregraphics/1455537-cgdisplaycopyalldisplaymodes?language=objc the caller is responsible for releasing the new array reference, which matches the create rule. The implementation uses the create rule, which makes it hard to figure out what's going wrong here.

jdm avatar Jun 26 '19 15:06 jdm
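The ownership mismatch the two comments above describe (elements pulled out of a "copied" array being wrapped as if the caller owned them) can be shown without CoreGraphics. The following is an added simulation, not code from core-foundation-rs: `Obj` stands in for a CF object with a retain count, `Owned` mimics a wrapper that releases on drop, and the two `wrap_under_*_rule` functions mirror the create rule (take ownership, no retain) and the get rule (retain first).

```rust
use std::cell::Cell;
use std::rc::Rc;

/// Stand-in for a CFTypeRef: a shared retain count plus a flag that records
/// a release with nothing left to release (the simulated double free).
#[derive(Clone)]
struct Obj {
    retain_count: Rc<Cell<i32>>,
    over_released: Rc<Cell<bool>>,
}

impl Obj {
    fn new() -> Obj {
        Obj { retain_count: Rc::new(Cell::new(1)), over_released: Rc::new(Cell::new(false)) }
    }
    fn retain(&self) { self.retain_count.set(self.retain_count.get() + 1); }
    fn release(&self) {
        if self.retain_count.get() <= 0 { self.over_released.set(true); return; }
        self.retain_count.set(self.retain_count.get() - 1);
    }
}

/// Owning wrapper (like CGDisplayMode or CFArray): releases once on drop.
struct Owned(Obj);
impl Drop for Owned { fn drop(&mut self) { self.0.release(); } }

/// Create rule: the caller already holds +1, so wrap without retaining.
fn wrap_under_create_rule(o: &Obj) -> Owned { Owned(o.clone()) }
/// Get rule: the caller holds nothing, so retain before wrapping.
fn wrap_under_get_rule(o: &Obj) -> Owned { o.retain(); Owned(o.clone()) }

/// Simulated CGDisplayCopyAllDisplayModes: the array owns its elements;
/// the caller owns only the array.
fn copy_all_display_modes(n: usize) -> Vec<Owned> {
    (0..n).map(|_| wrap_under_create_rule(&Obj::new())).collect()
}

/// Builds the Vec of modes the way the issue describes, then drops the array
/// and the modes. Returns true if any element was released one time too many.
fn all_display_modes(use_get_rule: bool) -> bool {
    let array = copy_all_display_modes(3);
    let probes: Vec<Obj> = array.iter().map(|o| o.0.clone()).collect();
    let modes: Vec<Owned> = array.iter()
        .map(|o| if use_get_rule { wrap_under_get_rule(&o.0) } else { wrap_under_create_rule(&o.0) })
        .collect();
    drop(array); // releasing the array releases each element once
    drop(modes); // each wrapped mode releases its element again
    probes.iter().any(|p| p.over_released.get())
}

fn main() {
    println!("create rule over-released: {}", all_display_modes(false)); // true
    println!("get rule over-released:    {}", all_display_modes(true));  // false
}
```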