Closed icmccorm closed 10 months ago
My intuition is that Rust was supposed to deallocate that string once it goes out of scope, like anything else.
How can memory leaks happen in things that don't come from an unsafe {} block?
Wow, you're right. Looking at the documentation:
// retake pointer to free memory
let _ = CString::from_raw(ptr);
Rust FFI is such a footgun. That doesn't make any sense. If RAII doesn't work here, into_raw() should require unsafe.
How can memory leaks happen in things that don't come from an unsafe {} block?
I think the reason why this is allowed to happen in a safe context is because memory leaks are not considered undefined behavior in the Rust spec. For example, you can create a reference cycle with Rc<T> that will leak memory without needing to use unsafe.
I've been developing an experimental version of Miri that can execute foreign functions by interpreting LLVM bytecode.
Miri found the following memory leak when executing the test utils::tests::test_utils:

It seems like the CString instance allocated in hex2bin and exposed with CString::into_raw is never deallocated, since there isn't a corresponding call to CString::from_raw
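The leak pattern reported above, reproduced as an added example (not code from the project or from this thread): a counting global allocator measures what a caller leaves behind when a `CString::into_raw` pointer is never passed back to `CString::from_raw`. The names `export_hex`, `release_hex`, `leaked_by`, `caller` and `Counting` are hypothetical and do not reflect the project's `hex2bin` signature.

```rust
use std::{alloc::{GlobalAlloc, Layout, System}, cell::Cell, ffi::{CStr, CString}, os::raw::c_char};

// Per-thread count of live heap allocations, so a leak shows up as a number.
thread_local! { static LIVE: Cell<isize> = const { Cell::new(0) }; }
struct Counting;
unsafe impl GlobalAlloc for Counting {
    unsafe fn alloc(&self, l: Layout) -> *mut u8 {
        let _ = LIVE.try_with(|c| c.set(c.get() + 1));
        unsafe { System.alloc(l) }
    }
    unsafe fn dealloc(&self, p: *mut u8, l: Layout) {
        let _ = LIVE.try_with(|c| c.set(c.get() - 1));
        unsafe { System.dealloc(p, l) }
    }
}
#[global_allocator]
static ALLOC: Counting = Counting;

/// Hypothetical exporter. `into_raw` is safe to call, but it cancels Drop.
fn export_hex(bytes: &[u8]) -> *mut c_char {
    let hex: String = bytes.iter().map(|b| format!("{:02x}", b)).collect();
    CString::new(hex).expect("hex digits contain no NUL").into_raw()
}

/// Matching release. Safety: `ptr` must come from `export_hex`, used once.
unsafe fn release_hex(ptr: *mut c_char) {
    if !ptr.is_null() {
        // Retake ownership so CString's Drop frees the buffer.
        drop(unsafe { CString::from_raw(ptr) });
    }
}

/// Runs `f`; returns how many allocations it left alive on this thread.
fn leaked_by(f: impl FnOnce()) -> isize {
    let before = LIVE.with(|c| c.get());
    f();
    LIVE.with(|c| c.get()) - before
}

fn caller(release: bool) {
    let p = export_hex(&[0xde, 0xad, 0xbe, 0xef]); // constructed sample input
    assert_eq!(unsafe { CStr::from_ptr(p) }.to_bytes(), b"deadbeef");
    if release { unsafe { release_hex(p) } } // otherwise `p` just goes out of scope
}

fn main() {
    println!("leaked without from_raw: {}, with: {}", leaked_by(|| caller(false)), leaked_by(|| caller(true)));
}
```

Pairing every exported pointer with a release function like this gives foreign callers a way to return ownership, which is what the missing `from_raw` call would do.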