Closed vnrst closed 9 months ago
Edited my comment to say that this cannot be a use-after-free using only safe Rust. So it's not a vulnerability/UB.
So I think you have a point, but as you say it's only meant to be used with unsafe code anyway. And no lifetime annotation means simpler code. So maybe it would be better to just write documentation about this. And btw - this is quite transient data anyhow, wait a second and all values will be obsolete so having a lifetime annotation might give the impression that the data would be valid as long as the mmapio is valid, which might be true from a Rust memory safety perspective but not a practical one...
So I'm leaning towards keeping it as it is, but if you have a good use case where this would be very helpful I'm open to such an argument :-)
This function duplicates the pointer to the underlying data `self.data.mem.ptr`, but `RawSamples<S>` doesn't have a lifetime annotation to mark this loan. https://github.com/diwic/alsa-rs/blob/db4bdd7f4e467148c091720589d217fdafb5d168/src/direct/pcm.rs#L418-L437

The same underlying memory is invalidated when `DriverMemory<S>` is dropped. https://github.com/diwic/alsa-rs/blob/db4bdd7f4e467148c091720589d217fdafb5d168/src/direct/pcm.rs#L231-L235

So the raw samples can still be accessed after the `MmapIO` object is dropped, and they will contain a raw pointer to invalid memory.

I don't know if this can be considered a design flaw because the `RawSamples` object is designed to be used only with `unsafe` code and it's the user's responsibility to ensure that it's used in a safe manner. But adding a lifetime annotation like `RawSamples<'a, S>` along with a `PhantomData` marker would definitely remove any possibility of misuse.
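A reduced model of the two designs discussed in this issue, added here as an illustration and not taken from alsa-rs: `DriverMemory`, `MmapIO`, `RawSamplesUnbound` and `RawSamples` are hypothetical stand-ins (a `Vec` replaces the mmap'd driver region), and the only difference between the two sample types is the `'a` lifetime carried by a `PhantomData` marker.

```rust
use std::marker::PhantomData;

/// Stand-in for alsa-rs's DriverMemory<S> (hypothetical simplification):
/// owns a buffer that is freed when this value is dropped.
struct DriverMemory<S> { buf: Vec<S> }

impl<S> DriverMemory<S> {
    fn ptr(&self) -> *const S { self.buf.as_ptr() }
    fn len(&self) -> usize { self.buf.len() }
}

/// Stand-in for MmapIO: the owner of the driver memory.
struct MmapIO<S> { mem: DriverMemory<S> }

/// The shape criticised in the issue: a raw pointer copied out of `mem` with
/// nothing tying it to the MmapIO, so it can outlive the memory it points to.
#[allow(dead_code)]
struct RawSamplesUnbound<S> { ptr: *const S, len: usize }

/// The suggested shape: `'a` plus a PhantomData marker make the value a loan
/// of the MmapIO, so the borrow checker rejects use after the MmapIO is dropped.
struct RawSamples<'a, S> { ptr: *const S, len: usize, _loan: PhantomData<&'a S> }

impl<S> MmapIO<S> {
    #[allow(dead_code)]
    fn raw_samples_unbound(&self) -> RawSamplesUnbound<S> {
        RawSamplesUnbound { ptr: self.mem.ptr(), len: self.mem.len() }
    }
    fn raw_samples(&self) -> RawSamples<'_, S> {
        RawSamples { ptr: self.mem.ptr(), len: self.mem.len(), _loan: PhantomData }
    }
}

impl<'a, S: Copy> RawSamples<'a, S> {
    /// Bounds-checked read; the lifetime guarantees `ptr` is still live.
    fn get(&self, i: usize) -> Option<S> {
        if i < self.len { Some(unsafe { *self.ptr.add(i) }) } else { None }
    }
}

/// Intended use: samples are read while the owning MmapIO is alive.
fn sum_first_n(values: Vec<i16>, n: usize) -> i32 {
    let io = MmapIO { mem: DriverMemory { buf: values } };
    let samples = io.raw_samples();
    (0..n).filter_map(|i| samples.get(i)).map(i32::from).sum()
}
// With the lifetime-annotated RawSamples this no longer compiles
// (error[E0597]: `io` does not live long enough); with RawSamplesUnbound it
// compiles and leaves `samples.ptr` dangling:
//     let samples = { let io = MmapIO { mem: DriverMemory { buf: vec![1i16] } }; io.raw_samples() };
```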