BlackDuck scan reports this as a Use After Free Vulnerability #14652

kumaran-id-git · 2025-05-08T14:09:48Z

kumaran-id-git
May 8, 2025

https://github.com/microsoft/react-native-windows/blame/cc126e4e42ed2dea020655264af0cfb5b1d6ea12/vnext/Mso/src/future/futureImpl.cpp

Static Scan by BlackDuck reports this as a Use After Free Vulnerability

// "this->Mso::Futures::FutureCallback::~FutureCallback()" manually destructs "this".
this->~FutureCallback();
// Passing freed pointer "this" as an argument to "GetFutureImpl".
GetFutureImpl(this)->Release();
}

Answered by chrisglein

May 8, 2025

Interesting find. Here's the specific line:
https://github.com/microsoft/react-native-windows/blame/cc126e4e42ed2dea020655264af0cfb5b1d6ea12/vnext/Mso/src/future/futureImpl.cpp#L1006

Invoking the destructor won't actually release the object. It's a little strange, but not necessarily wrong. But... worth looking at! @vmoroz give this a look?

View full answer

chrisglein · 2025-05-08T16:58:51Z

chrisglein
May 8, 2025
Maintainer

Interesting find. Here's the specific line:
https://github.com/microsoft/react-native-windows/blame/cc126e4e42ed2dea020655264af0cfb5b1d6ea12/vnext/Mso/src/future/futureImpl.cpp#L1006

Invoking the destructor won't actually release the object. It's a little strange, but not necessarily wrong. But... worth looking at! @vmoroz give this a look?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

BlackDuck scan reports this as a Use After Free Vulnerability #14652

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

BlackDuck scan reports this as a Use After Free Vulnerability #14652

Uh oh!

Uh oh!

kumaran-id-git May 8, 2025

Replies: 1 comment

Uh oh!

chrisglein May 8, 2025 Maintainer

kumaran-id-git
May 8, 2025

chrisglein
May 8, 2025
Maintainer