rucene icon indicating copy to clipboard operation
rucene copied to clipboard

Published 20 hours ago verified publisher icon zhihu

Use after free / aliasing &mut's when using LongsPtr

Open 5225225 opened this issue 2 years ago • 0 comments

The following code prints an arbitrary number, because the vec has already been dropped. I can also get aliasing &mut's to the same value by simply calling p.longs() multiple times, since it takes &self.

A fix to this would be to store &mut Vec and have a lifetime parameter inside LongsPtr, and have .longs() take &mut self

fn main() {
    let p = rucene::core::util::LongsPtr::new(&mut vec![15], 0, 0);
    dbg!(p.longs()[0]);
}

5225225 avatar Jan 09 '22 21:01 5225225