Closed dtolnay closed 4 months ago
This is an example of a use-after-free and double-free in safe code, which is not supposed to happen:
```rust
// [dependencies]
// rquickjs = { version = "0.4.3", features = ["allocator"] }

use rquickjs::allocator::{Allocator, RustAllocator};

fn main() {
    let mut s = ".".repeat(40);
    RustAllocator.dealloc(s.as_mut_ptr().wrapping_add(8));
    println!("{:?}", s);
}
```
```console
$ cargo run
"\u{4}|3tpU\0\0üîa?É:ö........................"
free(): double free detected in tcache 2
Aborted (core dumped)
```
Thanks for pointing this out!
The Allocator methods should indeed be marked as unsafe functions.
This is fixed in the latest version.
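The pattern discussed in this thread, as an added example that is not rquickjs code: an allocator trait whose `dealloc` is an `unsafe fn`, so the call from the report above no longer compiles in safe code and the caller must state the pointer's provenance. The names `RawAllocator`, `HeaderAllocator`, `roundtrip` and the 16-byte size header are assumptions made for illustration.

```rust
use std::alloc::{alloc, dealloc, Layout};

/// Hypothetical trait, not rquickjs's API: freeing is an `unsafe fn`.
pub trait RawAllocator {
    fn alloc(&mut self, size: usize) -> *mut u8; // null on failure
    /// # Safety: `ptr` must come from `alloc` here and not be freed yet.
    unsafe fn dealloc(&mut self, ptr: *mut u8);
}

const HEADER: usize = 16; // assumed layout: size stored in front of the block
pub struct HeaderAllocator;
fn layout_for(size: usize) -> Option<Layout> {
    Layout::from_size_align(size.checked_add(HEADER)?, HEADER).ok()
}

impl RawAllocator for HeaderAllocator {
    fn alloc(&mut self, size: usize) -> *mut u8 {
        let Some(layout) = layout_for(size) else { return std::ptr::null_mut() };
        // SAFETY: the layout is never zero-sized because HEADER > 0.
        unsafe {
            let base = alloc(layout);
            if base.is_null() { return base; }
            (base as *mut usize).write(size);
            base.add(HEADER)
        }
    }
    unsafe fn dealloc(&mut self, ptr: *mut u8) {
        // SAFETY: the caller guarantees `ptr` came from `alloc`, so the header is valid.
        unsafe {
            let base = ptr.sub(HEADER);
            let size = (base as *const usize).read();
            dealloc(base, Layout::from_size_align_unchecked(size + HEADER, HEADER));
        }
    }
}

pub fn roundtrip(len: usize) -> usize {
    let mut a = HeaderAllocator;
    let p = a.alloc(len);
    assert!(!p.is_null());
    // SAFETY: `p` is live, `len` bytes long, and freed exactly once.
    unsafe {
        p.write_bytes(b'.', len);
        let n = std::slice::from_raw_parts(p, len).iter().filter(|&&b| b == b'.').count();
        a.dealloc(p);
        n
    }
}

fn main() { println!("{}", roundtrip(40)); }
```

With this signature, calling `dealloc` outside an `unsafe` block is rejected by the compiler (error E0133), which moves the pointer-validity obligation onto the caller.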