fix(rs-sdk-ffi): prevent heap corruption from Vec capacity mismatch in FFI #3289
Add tests demonstrating that `DashSDKResult::success_binary()` discards the Vec's capacity, causing `dash_sdk_binary_data_free` to reconstruct the Vec with `len` used as `capacity`. When the original Vec had capacity > len, the free function passes the wrong allocation size to the deallocator -- undefined behavior per the `GlobalAlloc` contract.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use into_boxed_slice() + Box::into_raw() instead of as_ptr() + mem::forget() when passing Vec data across the FFI boundary. This guarantees capacity == len so that free functions can safely reconstruct with Vec::from_raw_parts(ptr, len, len).

Previously, success_binary() and several other FFI serialization paths captured the Vec pointer and length but discarded capacity. The corresponding free functions reconstructed with len as capacity, which is undefined behavior when the original Vec had capacity > len.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
✅ DashSDKFFI.xcframework built for this PR.

SwiftPM (host the zip at a stable URL, then use):

```swift
.binaryTarget(
    name: "DashSDKFFI",
    url: "https://your.cdn.example/DashSDKFFI.xcframework.zip",
    checksum: "43cddd79416f3aa2f45c74767933e77caab4f0710aff7750671936144b66cdbe"
)
```

Xcode manual integration:
Codecov Report

✅ All modified and coverable lines are covered by tests.

```diff
@@ Coverage Diff @@
## v3.1-dev #3289 +/- ##
============================================
- Coverage 70.42% 68.28% -2.15%
============================================
Files 3293 3293
Lines 262598 262598
============================================
- Hits 184935 179310 -5625
- Misses 77663 83288 +5625
```
Summary

- `Vec::from_raw_parts` was called with wrong capacity in FFI free functions
- `into_boxed_slice()` to guarantee `capacity == len` before crossing FFI boundary

Issue

`success_binary()` captured Vec's `len` and pointer via `mem::forget()` but discarded `capacity`. The free function reconstructed with `Vec::from_raw_parts(ptr, len, len)`, passing `len` as capacity. When the original Vec had `capacity > len`, the allocator received wrong deallocation size (UB).

Test plan
🤖 Generated with Claude Code
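
The capacity mismatch and the `into_boxed_slice()` hand-off described in this PR, as an added example that is not code from the PR or from rs-sdk-ffi. `BinaryData`, `export_binary`, `free_binary` and `lost_capacity` are hypothetical names, and the 64-byte buffer is constructed sample input; the pre-fix free path is not executed because it is undefined behavior.

```rust
// Added illustration: BinaryData, export_binary, free_binary and
// lost_capacity are hypothetical names, not the rs-sdk-ffi API.
#[repr(C)]
pub struct BinaryData {
    pub data: *mut u8,
    pub len: usize,
}

/// Bytes of the allocation that a bare (ptr, len) pair fails to describe.
/// Non-zero here means a free routine using `len` as capacity would hand
/// the deallocator the wrong size.
pub fn lost_capacity(v: &Vec<u8>) -> usize {
    v.capacity() - v.len()
}

/// Hand a Vec to a C caller. `into_boxed_slice()` drops any excess
/// capacity, so the allocation size is exactly `len` afterwards.
pub fn export_binary(v: Vec<u8>) -> BinaryData {
    let boxed: Box<[u8]> = v.into_boxed_slice();
    let len = boxed.len();
    let data = Box::into_raw(boxed) as *mut u8;
    BinaryData { data, len }
}

/// Free a buffer produced by `export_binary`; returns the bytes released.
/// # Safety
/// `b` must come from `export_binary` and must not be freed twice.
pub unsafe fn free_binary(b: BinaryData) -> usize {
    if b.data.is_null() {
        return 0;
    }
    // capacity == len is now guaranteed, so this layout matches the allocation.
    let v = unsafe { Vec::from_raw_parts(b.data, b.len, b.len) };
    v.len()
}

fn main() {
    let mut v = Vec::with_capacity(64); // constructed sample buffer
    v.extend_from_slice(b"abc");
    println!("len={} capacity={} lost={}", v.len(), v.capacity(), lost_capacity(&v));
    let exported = export_binary(v);
    let freed = unsafe { free_binary(exported) };
    println!("freed {} bytes with a matching layout", freed);
}
```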