[tor-bugs] #27740 [Core Tor/Tor]: rust protover_all_supported() returns rust-allocated string in *missing_out

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 20 23:36:52 UTC 2018


#27740: rust protover_all_supported() returns rust-allocated string in *missing_out
-------------------------------------------------+-------------------------
 Reporter:  cyberpunks                           |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.3.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  rust, protover, memory-safety,       |  Actual Points:
  035-must, fast-fix                             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:   => rust, protover, memory-safety, 035-must, fast-fix
 * milestone:  Tor: unspecified => Tor: 0.3.5.x-final


Comment:

 Thanks for this bug report.

 As far as I understand it, it may be ok to allocate in Rust and deallocate
 in C, as long as they use the same allocator. But, this behaviour is not
 guaranteed to be safe in future Rust releases:
 https://gitweb.torproject.org/tor.git/tree/doc/HACKING/CodingStandardsRust.md#n365

 But even if allocating in Rust and freeing in C was safe, this function is
 also memory unsafe because:
 * *missing_out is allocated in Rust, deallocated in Rust (when the
 function returns), used in C, and then freed in C
 * when missing_out is NULL, Rust still assigns to it

 I'll open child tickets for these issues.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27740#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list