fix(napi): potential double free issue #1679
Merged
Hi,
I found a memory-safety/soundness issue in this crate while scanning Rust code for potential vulnerabilities. This PR contains a fix for the issue.
Issue Description
napi-rs/crates/napi/src/bindgen_runtime/module_register.rs
Lines 64 to 70 in 30534d4
napi-rs/crates/napi/src/bindgen_runtime/module_register.rs
Lines 50 to 57 in 30534d4
If a panic!() occurs between the Vec::from_raw_parts function, including the Vec::from_raw_parts function itself, and std::mem::forget, a double free vulnerability emerges.
Fix
In Rust, std::mem::forget does not actually free the memory; instead, it simply allows the memory to leak. This can lead to double free when the data object goes out of scope and its destructor is called automatically. The modification here uses std::mem::ManuallyDrop to wrap data. This ensures that data will not be automatically dropped when it goes out of scope, thus avoiding a double free scenario. With ManuallyDrop, we explicitly state that the data variable should not be dropped, thus avoiding any potential double free issues.
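An added example, not part of this PR or of napi-rs: it counts destructor runs when a panic lands between Vec::from_raw_parts and std::mem::forget, and again when the reconstructed Vec is wrapped in ManuallyDrop at construction. `Tracked` and `drops_during_unwind` are hypothetical names, and the panic is constructed.

```rust
use std::mem::ManuallyDrop;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;

// Hypothetical element type: counts how many destructors have run.
struct Tracked(Arc<AtomicUsize>);
impl Drop for Tracked {
    fn drop(&mut self) {
        self.0.fetch_add(1, Ordering::SeqCst);
    }
}

/// Rebuilds a temporary Vec over a buffer owned elsewhere, panics while it is
/// live, and returns how many element destructors ran during unwinding.
fn drops_during_unwind(use_manually_drop: bool) -> usize {
    let drops = Arc::new(AtomicUsize::new(0));
    // Stand-in for the real owner; held in ManuallyDrop so this demo itself
    // never frees the buffer twice.
    let mut owner = ManuallyDrop::new(vec![Tracked(drops.clone()), Tracked(drops.clone())]);
    let (ptr, len, cap) = (owner.as_mut_ptr(), owner.len(), owner.capacity());

    let outcome = catch_unwind(AssertUnwindSafe(|| {
        if use_manually_drop {
            // Wrapped at construction: unwinding never runs the Vec destructor.
            let _view = ManuallyDrop::new(unsafe { Vec::from_raw_parts(ptr, len, cap) });
            panic!("constructed panic inside the window");
        } else {
            // forget-at-the-end: a panic before forget() drops `view`.
            let view = unsafe { Vec::from_raw_parts(ptr, len, cap) };
            if len > 0 {
                panic!("constructed panic inside the window");
            }
            std::mem::forget(view);
        }
    }));
    assert!(outcome.is_err());
    let during_unwind = drops.load(Ordering::SeqCst);
    if use_manually_drop {
        // The buffer is intact, so the owner can release it exactly once.
        unsafe { ManuallyDrop::drop(&mut owner) };
    }
    during_unwind
}

fn main() {
    println!("forget pattern: {} drops during unwind", drops_during_unwind(false));
    println!("ManuallyDrop:   {} drops during unwind", drops_during_unwind(true));
}
```

A non-zero count in the first case means the temporary Vec released a buffer it did not own, which is the first half of the double free; the stand-in owner is deliberately never dropped in that branch so the example stays free of undefined behaviour.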