Re: [tor-bugs] #27740 [Core Tor/Tor]: rust protover_all_supported() returns rust-allocated string in *missing_out
#27740: rust protover_all_supported() returns rust-allocated string in *missing_out
-------------------------------------------------+-------------------------
Reporter: cyberpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.3.1-alpha
Severity: Normal | Resolution:
Keywords: rust, protover, memory-safety, 035-must, fast-fix | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* keywords: => rust, protover, memory-safety, 035-must, fast-fix
* milestone: Tor: unspecified => Tor: 0.3.5.x-final
Comment:
Thanks for this bug report.
As far as I understand it, it may be ok to allocate in Rust and deallocate
in C, as long as they use the same allocator. But, this behaviour is not
guaranteed to be safe in future Rust releases:
https://gitweb.torproject.org/tor.git/tree/doc/HACKING/CodingStandardsRust.md#n365
But even if allocating in Rust and freeing in C was safe, this function is
also memory unsafe because:
* *missing_out is allocated in Rust, deallocated in Rust (when the function returns), used in C, and then freed in C
* when missing_out is NULL, Rust still assigns to it
I'll open child tickets for these issues.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27740#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
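
The two defects listed in the comment above, shown as an added Rust sketch of one safe out-parameter pattern (this is not Tor's protover code and not from the ticket): ownership is handed over with `CString::into_raw()`, the out-pointer is checked for NULL, and a matching release function returns the buffer to Rust. The names `demo_all_supported`, `demo_free_str` and the `SUPPORTED` table are hypothetical.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::{c_char, c_int};
use std::ptr;

// Constructed stand-in for a supported-protocol table (not Tor's real list).
const SUPPORTED: &[&str] = &["Link=1-5", "Relay=1-2"];

/// Hypothetical C-callable check: returns 1 if every space-separated entry of
/// `list` is in SUPPORTED, else 0. On 0, and only if `missing_out` is non-NULL,
/// stores a string the caller must release with `demo_free_str`.
/// (A real export would also carry the no_mangle attribute.)
pub unsafe extern "C" fn demo_all_supported(
    list: *const c_char,
    missing_out: *mut *mut c_char,
) -> c_int {
    if list.is_null() { return 1; } // assumption for this demo: nothing listed
    let text = unsafe { CStr::from_ptr(list) }.to_string_lossy();
    let missing: Vec<&str> = text
        .split_whitespace()
        .filter(|entry| !SUPPORTED.contains(entry))
        .collect();
    if missing.is_empty() {
        return 1;
    }
    // Second point in the comment: never write through a NULL out-pointer.
    if !missing_out.is_null() {
        if let Ok(owned) = CString::new(missing.join(" ")) {
            // First point: into_raw() releases ownership, so the buffer is not
            // dropped when this function returns (as_ptr() would dangle).
            unsafe { *missing_out = owned.into_raw() };
        }
    }
    0
}

/// Matching release function: the string goes back to the allocator that made it.
pub unsafe extern "C" fn demo_free_str(s: *mut c_char) {
    if !s.is_null() {
        drop(unsafe { CString::from_raw(s) });
    }
}

fn main() {
    let list = CString::new("Link=1-5 Wombat=9").unwrap(); // constructed input
    let mut out: *mut c_char = ptr::null_mut();
    let rc = unsafe { demo_all_supported(list.as_ptr(), &mut out) };
    println!("rc={} missing={:?}", rc, unsafe { CStr::from_ptr(out) });
    unsafe { demo_free_str(out) };
}
```

On the C side the caller would pass the returned pointer to `demo_free_str()` rather than to `free()`, which avoids relying on Rust and C sharing an allocator.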