search

longbridgeapp / rust-i18n

A better and simply I18n crate for Rust.
MIT License
321 stars 32 forks source link

AtomicStr is unsound, causes use-after-free #71

Closed Kijewski closed 10 months ago

Kijewski commented 10 months ago

Minimal example:

use std::thread::spawn;

use rust_i18n::{t, set_locale};

rust_i18n::i18n!("locales", fallback = "en");

fn main() {
    set_locale("fr");
    spawn(|| {
        let mut i = 0u32;
        loop {
            i = i.wrapping_add(1);
            if i % 2 == 0 {
                set_locale(&format!("en-{i}"));
            } else {
                set_locale(&format!("fr-{i}"));
            }
        }
    });
    spawn(|| {
        loop {
            t!("hello");
        }
    });
}

cargo r -r

malloc(): unaligned fastbin chunk detected
Aborted

cargo +nightly miri r

error: Undefined Behavior: not granting access to tag <108954> because that would remove [Unique for <111597>] which is strongly protected because it is an argument of call 53836
   --> /home/kijewski/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/non_null.rs:399:18
    |
399 |         unsafe { &*self.as_ptr().cast_const() }
    |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ not granting access to tag <108954> because that would remove [Unique for <111597>] which is strongly protected because it is an argument of call 53836
    |
    = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
    = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information
Kijewski commented 10 months ago

I reported the bug to https://github.com/rustsec/advisory-db/pull/1855 because your otherwise great crate is widely used.