Possible Double Free Issue in Mir May Compromise Exception Safety in This Crate #50
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
I detect several potential double free bugs were detected in your crate via static analysis. This PR contains fixes.
pants/src/rust/engine/src/lib.rs
Lines 882 to 884 in ebf5716
pants/src/rust/engine/src/lib.rs
Lines 895 to 897 in ebf5716
pants/src/rust/engine/src/lib.rs
Lines 908 to 910 in ebf5716
pants/src/rust/engine/src/lib.rs
Lines 921 to 923 in ebf5716
These bugs primarily emerge when specific functions unwind, predominantly due to the interplay between
Box::from_rawandmem::forget. In Rust MIR (Mid-level Intermediate Representation), inserting code betweenBox::from_rawandmem::forgetcan compromise exception safety. This is because when these pieces of code unwind, both the Box that was created and the entity to which the pointer refers will be dropped. This scenario, in effect, results in a "double free" situation.pants/src/rust/engine/src/externs.rs
Lines 679 to 681 in ebf5716
In the second case we shouldn't use code pieces between
Vec::from_raw_partsandmem::forget. Because when these codes unwind, the Vec generated will drop as well as the entity which ptr pointed to. This code block can fix it by usingmem::ManuallyDropinstead ofmem::forget.