[tor-bugs] #27740 [Core Tor/Tor]: rust protover_all_supported() returns rust-allocated string in *missing_out
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 20 23:36:52 UTC 2018
#27740: rust protover_all_supported() returns rust-allocated string in *missing_out
----------------------------------------------------------------+---------------------------
 Reporter:   cyberpunks                                         |  Owner:          (none)
 Type:       defect                                             |  Status:         new
 Priority:   Medium                                             |  Milestone:      Tor: 0.3.5.x-final
 Component:  Core Tor/Tor                                       |  Version:        Tor: 0.3.3.1-alpha
 Severity:   Normal                                             |  Resolution:
 Keywords:   rust, protover, memory-safety, 035-must, fast-fix  |  Actual Points:
 Parent ID:                                                     |  Points:
 Reviewer:                                                      |  Sponsor:
----------------------------------------------------------------+---------------------------
Changes (by teor):

 * keywords: => rust, protover, memory-safety, 035-must, fast-fix
 * milestone: Tor: unspecified => Tor: 0.3.5.x-final

Comment:

Thanks for this bug report.

As far as I understand it, it may be ok to allocate in Rust and deallocate
in C, as long as they use the same allocator. But, this behaviour is not
guaranteed to be safe in future Rust releases:
https://gitweb.torproject.org/tor.git/tree/doc/HACKING/CodingStandardsRust.md#n365

But even if allocating in Rust and freeing in C was safe, this function is
also memory unsafe because:

 * *missing_out is allocated in Rust, deallocated in Rust (when the
   function returns), used in C, and then freed in C
 * when missing_out is NULL, Rust still assigns to it

I'll open child tickets for these issues.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27740#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
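
Added example (not part of the original message and not Tor's code): the two defects listed in the comment, next to one ownership pattern that avoids them, in which the string is released to the caller with `CString::into_raw()` and handed back to Rust to be freed instead of being passed to C's `free()`. The function names, the `SUPPORTED` list and the 1/0 return convention are assumptions made for illustration.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::c_char;

const SUPPORTED: &[&str] = &["Link=1", "Cons=1"]; // constructed sample data

/// BEFORE (hypothetical): both defects from the comment. Never called here.
#[allow(dead_code)]
unsafe extern "C" fn all_supported_buggy(missing_out: *mut *mut c_char) -> i32 {
    let missing = CString::new("Link=9").unwrap();
    // Written even when `missing_out` is NULL, and `missing` is dropped at
    // the closing brace, so C is left holding a pointer to freed memory.
    *missing_out = missing.as_ptr() as *mut c_char;
    0
}

/// AFTER (hypothetical): returns 1 if every entry is supported, else 0.
/// On 0, ownership of the string moves to the caller, if the caller asked.
pub unsafe extern "C" fn all_supported_fixed(list: *const c_char, out: *mut *mut c_char) -> i32 {
    if list.is_null() {
        return 1;
    }
    let list = CStr::from_ptr(list).to_string_lossy();
    let missing: Vec<&str> = list.split_whitespace().filter(|e| !SUPPORTED.contains(e)).collect();
    if missing.is_empty() {
        return 1;
    }
    if !out.is_null() {
        // into_raw() gives up ownership: Rust will not drop this allocation.
        if let Ok(s) = CString::new(missing.join(" ")) {
            *out = s.into_raw();
        }
    }
    0
}

/// Returns the string to Rust so the allocator that made it also frees it.
pub unsafe extern "C" fn free_missing(s: *mut c_char) {
    if !s.is_null() {
        drop(CString::from_raw(s));
    }
}

fn main() {
    let list = CString::new("Link=1 Link=9").unwrap();
    let mut out: *mut c_char = std::ptr::null_mut();
    unsafe {
        let rv = all_supported_fixed(list.as_ptr(), &mut out);
        println!("rv={} missing={:?}", rv, CStr::from_ptr(out));
        free_missing(out);
    }
}
```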