Skip to content

fix assign_to double drop when drop panics#23833

Open
nitzan-treg wants to merge 1 commit intobevyengine:mainfrom
nitzan-treg:fix/23500-bevyptrmovingptrassignto-can-cause-doubl
Open

fix assign_to double drop when drop panics#23833
nitzan-treg wants to merge 1 commit intobevyengine:mainfrom
nitzan-treg:fix/23500-bevyptrmovingptrassignto-can-cause-doubl

Conversation

@nitzan-treg
Copy link
Copy Markdown

@nitzan-treg nitzan-treg commented Apr 16, 2026
edited by alice-i-cecile
Loading

hey, saw #23500 and took a look

replaced the manual drop_in_place + write_to in assign_to with a simple *dst = self.read(). the old code would drop dst first and if that panicked you'd end up with a freed pointer still accessible, which is UB. using rust's assignment operator keeps things safe since the drop and write are handled together properly

fixes #23500

@nitzan-treg
fix assign_to double drop when drop panics
4023986 
`replaced the manual drop_in_place + write_to in assign_to with a simple *dst = self.read(). the old code would drop dst first and if that panicked you'd end up with a freed pointer still accessible, which is ub. using rust's assignment operator keeps things safe since the drop and write are handled together properly`

Signed-off-by: nitzan-treg <nitzan.tregerman@gmail.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 16, 2026

Welcome, new contributor!

Please make sure you've read our contributing guide, as well as our policy regarding AI usage, and we look forward to reviewing your pull request shortly ✨

@alice-i-cecile
Copy link
Copy Markdown
Member

alice-i-cecile commented Apr 16, 2026

@KyleDavidE, I'd appreciate your review here as the person who spotted this :)

@alice-i-cecile alice-i-cecile added P-Unsound A bug that results in undefined compiler behavior A-Pointers Relating to Bevy pointer abstractions D-Modest A "normal" level of difficulty; suitable for simple features or challenging fixes D-Unsafe Touches with unsafe code in some way S-Needs-Review Needs reviewer attention (from anyone!) to move forward labels Apr 16, 2026
@KyleDavidE
Copy link
Copy Markdown

KyleDavidE commented Apr 16, 2026

I as mentioned in the issue I will flag that in the case that T has drop glue, this copies self to the stack before dropping dst, but I don't think it is possible to do better without introducing new unsafe code, which seeing as this function is unused is probably fine.

@alice-i-cecile
Copy link
Copy Markdown
Member

alice-i-cecile commented Apr 16, 2026

My current preference remains to simply delete this code completely. We should not be keeping around unused unsafe code in a crate that has very few external users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

A-Pointers Relating to Bevy pointer abstractions D-Modest A "normal" level of difficulty; suitable for simple features or challenging fixes D-Unsafe Touches with unsafe code in some way P-Unsound A bug that results in undefined compiler behavior S-Needs-Review Needs reviewer attention (from anyone!) to move forward

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bevy_ptr::MovingPtr::assign_to can cause double drops / use after free

3 participants

@nitzan-treg @alice-i-cecile @KyleDavidE