Fix Lexer::clone leak and UB + tests
#390
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`Lexer::clone` shouldn't clone the inner `ManuallyDrop`, because doing so clones the inner value, which is moved out in `Lexer::next`. This causes use-after-free if the lexer is cloned after the last-returned token is dropped, especially if the token contains an overridden implementation of `Clone` (such as `Rc`) that tries to read the dropped data. It causes a memory leak if the token contains a heap-allocated value, because cloning makes a new allocation. This allocation is in the `ManuallyDrop` and it's guaranteed to be overridden before the call to `ManuallyDrop::take`, so it's never freed. Another thing: maciejhirsz#263 (make `Lexer` implement `Copy`) probably should be added (referencing here because it looks like the issue has been forgotten).
|
Hello @Jakobeha, thank you for this very comprehensive analysis! But, if I understand well, then cloning |
|
Cloning can be used as a kind of lookahead: the cloned lexer will return the exact same tokens that would be returned by the original lexer without advancing the original (provided the lexing functions are pure). One can also I'm not sure if it's the most efficient way to implement a lookahead (I don't know the performance vs storing an array of spans and tokens and then making The same thing (creating a "lookahead" lexer) can also be done using let mut clone = Lexer::with_extras(original.source(), original.extras);
clone.bump(original.span().end);Though it's less convenient, especially if the lexer is wrapped in another data structure, because then Related, I also thought about |
maciejhirsz
approved these changes
May 3, 2024
|
This is a pretty good catch! FWIW whenever the mythical rewrite happens that turns all the internal gotos from functions to |
akrantz01
pushed a commit
to akrantz01/antsi
that referenced
this pull request
Aug 2, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [logos](https://logos.maciej.codes/) ([source](https://togithub.com/maciejhirsz/logos)) | dependencies | patch | `0.14.0` -> `0.14.1` | --- ### Release Notes <details> <summary>maciejhirsz/logos (logos)</summary> ### [`v0.14.1`](https://togithub.com/maciejhirsz/logos/releases/tag/v0.14.1): 0.14.1 - Debug feature and fixes #### What's Changed - fix(doc): reset logos2 to logos by [@​jeertmans](https://togithub.com/jeertmans) in [maciejhirsz/logos#372 - chore(book): add JSON-borrowed parser example by [@​jeertmans](https://togithub.com/jeertmans) in [maciejhirsz/logos#373 - Add Rc<T> and Arc<T> sources by [@​InfiniteCoder01](https://togithub.com/InfiniteCoder01) in [maciejhirsz/logos#340 - Fix unicode dot by [@​RustyYato](https://togithub.com/RustyYato) in [maciejhirsz/logos#376 - chore(docs): cleanup examples by [@​jeertmans](https://togithub.com/jeertmans) in [maciejhirsz/logos#381 - chore(lib): add debug feature by [@​jeertmans](https://togithub.com/jeertmans) in [maciejhirsz/logos#382 - Cleanup unused Source features by [@​kmicklas](https://togithub.com/kmicklas) in [maciejhirsz/logos#335 - chore(deps): bump peaceiris/actions-mdbook from 1 to 2 by [@​dependabot](https://togithub.com/dependabot) in [maciejhirsz/logos#387 - Fix `Lexer::clone` leak and UB + tests by [@​Jakobeha](https://togithub.com/Jakobeha) in [maciejhirsz/logos#390 - fix(lib): correctly handle miss for loop in loop by [@​lukas-code](https://togithub.com/lukas-code) in [maciejhirsz/logos#393 - chore(lib): remove error branch from LUT if it is unreachable by [@​RustyYato](https://togithub.com/RustyYato) in [maciejhirsz/logos#386 - fix(docs): typo by [@​joerivanruth](https://togithub.com/joerivanruth) in [maciejhirsz/logos#396 - chore(docs): Adds graph debug documentation to book by [@​afreeland](https://togithub.com/afreeland) in [maciejhirsz/logos#379 - chore: drop python linting frmo pre-commit-config by [@​LeoDog896](https://togithub.com/LeoDog896) in [maciejhirsz/logos#403 - refactor: don't use deprecated max_value() method by [@​LeoDog896](https://togithub.com/LeoDog896) in [maciejhirsz/logos#404 - chore(version): bump logos version to 0.14.1 by [@​jeertmans](https://togithub.com/jeertmans) in [maciejhirsz/logos#409 - fix(docs): change old 0.14.0 by [@​jeertmans](https://togithub.com/jeertmans) in [maciejhirsz/logos#410 #### New Contributors - [@​InfiniteCoder01](https://togithub.com/InfiniteCoder01) made their first contribution in [maciejhirsz/logos#340 - [@​RustyYato](https://togithub.com/RustyYato) made their first contribution in [maciejhirsz/logos#376 - [@​Jakobeha](https://togithub.com/Jakobeha) made their first contribution in [maciejhirsz/logos#390 - [@​lukas-code](https://togithub.com/lukas-code) made their first contribution in [maciejhirsz/logos#393 - [@​joerivanruth](https://togithub.com/joerivanruth) made their first contribution in [maciejhirsz/logos#396 - [@​afreeland](https://togithub.com/afreeland) made their first contribution in [maciejhirsz/logos#379 - [@​LeoDog896](https://togithub.com/LeoDog896) made their first contribution in [maciejhirsz/logos#403 **Full Changelog**: maciejhirsz/logos@v0.14...v0.14.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/akrantz01/antsi). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lexer::cloneshouldn't clone the innerManuallyDrop, because doing so clones the inner value, which is moved out inLexer::next.This causes use-after-free if the lexer is cloned after the last-returned token is dropped, especially if the token contains an overridden implementation of
Clone(such asRc) that tries to read the dropped data.It causes a memory leak if the token contains a heap-allocated value, because cloning makes a new allocation. This allocation is in the
ManuallyDropand it's guaranteed to be overridden before the call toManuallyDrop::take, so it's never freed.Another thing: #263 (make
LexerimplementCopy) probably should be added (referencing here because it looks like the issue has been forgotten).