#27740: rust protover_all_supported() returns rust-allocated string in *missing_out
-------------------------------------------------+-------------------------
 Reporter:  cyberpunks                           |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.3.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  rust, protover, memory-safety,       |  Actual Points:
  035-must, fast-fix                             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:  => rust, protover, memory-safety, 035-must, fast-fix
 * milestone:  Tor: unspecified => Tor: 0.3.5.x-final


Comment:

 Thanks for this bug report.

 As far as I understand it, it may be ok to allocate in Rust and deallocate
 in C, as long as they use the same allocator. But, this behaviour is not
 guaranteed to be safe in future Rust releases:
 https://gitweb.torproject.org/tor.git/tree/doc/HACKING/CodingStandardsRust.md#n365

 But even if allocating in Rust and freeing in C was safe, this function is
 also memory unsafe because:
 * *missing_out is allocated in Rust, deallocated in Rust (when the
   function returns), used in C, and then freed in C
 * when missing_out is NULL, Rust still assigns to it

 I'll open child tickets for these issues.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27740#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
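
An added illustration (not Tor's code and not the fix for this ticket) of the two out-pointer problems listed in the comment above: a hypothetical FFI function that skips the write when `missing_out` is NULL and transfers ownership with `CString::into_raw`, paired with a Rust-side release function. The names `example_all_supported`, `example_free_str` and `SUPPORTED`, and the toy protocol table, are assumptions.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::{c_char, c_int};
use std::ptr;

// Constructed stand-in for a supported-protocol table.
const SUPPORTED: [&str; 3] = ["Link", "Relay", "Cons"];

/// Hypothetical C-callable check (a real crate would also export the symbol).
/// Returns 1 if every name in `list` is supported, else 0. On 0, and only when
/// `missing_out` is non-NULL, `*missing_out` gets a string the caller owns.
pub extern "C" fn example_all_supported(
    list: *const c_char,
    missing_out: *mut *mut c_char,
) -> c_int {
    if list.is_null() { return 1; } // toy choice: nothing to check
    // SAFETY: the caller passes a valid NUL-terminated string.
    let c_list = unsafe { CStr::from_ptr(list) };
    let names = c_list.to_string_lossy();
    let missing: Vec<&str> = names
        .split_whitespace()
        .filter(|n| !SUPPORTED.contains(n))
        .collect();
    if missing.is_empty() {
        return 1;
    }
    // Second issue in the comment: never assign through a NULL out-pointer.
    if !missing_out.is_null() {
        let owned = CString::new(missing.join(" ")).expect("no interior NUL");
        // First issue: into_raw() gives the caller ownership; no drop on return.
        unsafe { *missing_out = owned.into_raw() };
    }
    0
}

/// Hypothetical release: returns the buffer to Rust's allocator, not C's free().
pub extern "C" fn example_free_str(s: *mut c_char) {
    if !s.is_null() {
        // SAFETY: `s` came from CString::into_raw() and was not released yet.
        drop(unsafe { CString::from_raw(s) });
    }
}

fn main() {
    let list = CString::new("Link Foo Relay Bar").unwrap(); // constructed input
    let mut out: *mut c_char = ptr::null_mut();
    let rv = example_all_supported(list.as_ptr(), &mut out);
    println!("rv={} missing={:?}", rv, unsafe { CStr::from_ptr(out) });
    example_free_str(out);
}
```

The C caller releases the string with `example_free_str` rather than `free()`, so the result does not depend on both sides sharing an allocator.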