From cd53ad6128af4e0a72210b64247b7c650687150c Mon Sep 17 00:00:00 2001 From: kuzeyardabulut <54737933+kuzeyardabulut@users.noreply.github.com> Date: Mon, 7 Aug 2023 19:00:09 +0300 Subject: [PATCH] Fixing Potential Double Free Issue (#517) * Fix Potential Double Free Co-authored-by: Daniel Henry-Mantilla --- notify/src/windows.rs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/notify/src/windows.rs b/notify/src/windows.rs index a6c00030..ba0f1df6 100644 --- a/notify/src/windows.rs +++ b/notify/src/windows.rs @@ -278,7 +278,7 @@ fn start_read(rd: &ReadData, event_handler: Arc>, handle }; unsafe { - let mut overlapped: Box = Box::new(mem::zeroed()); + let mut overlapped = std::mem::ManuallyDrop::new(Box::new(mem::zeroed::())); // When using callback based async requests, we are allowed to use the hEvent member // for our own purposes @@ -295,19 +295,18 @@ fn start_read(rd: &ReadData, event_handler: Arc>, handle monitor_subdir, flags, &mut 0u32 as *mut u32, // not used for async reqs - &mut *overlapped as *mut OVERLAPPED, + (&mut **overlapped) as *mut OVERLAPPED, Some(handle_event), ); if ret == 0 { // error reading. retransmute request memory to allow drop. - // allow overlapped to drop by omitting forget() + // Because of the error, ownership of the `overlapped` alloc was not passed + // over to `ReadDirectoryChangesW`. + // So we can claim ownership back. + let _overlapped_alloc = std::mem::ManuallyDrop::into_inner(overlapped); let request: Box = mem::transmute(request_p); - ReleaseSemaphore(request.data.complete_sem, 1, ptr::null_mut()); - } else { - // read ok. forget overlapped to let the completion routine handle memory - mem::forget(overlapped); } } }
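Review bot: The new `ManuallyDrop` declaration in the first hunk has no comment saying who frees the allocation, and with the `else` branch removed in the second hunk the success path is no longer documented anywhere. A comment above the declaration would cover it, for example `// Not dropped here on success: the pending read owns it and the completion routine releases it; reclaimed below only when the call returns 0.` Whether `handle_event` really frees it is not visible in this patch, so that wording should be checked against the callback. The line also spells `std::mem::ManuallyDrop` next to `mem::zeroed`; `mem::ManuallyDrop` would match the rest of the block. The body of `start_read` starts and ends outside this hunk.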
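Review bot: On the `ret == 0` path in the second hunk the allocation is freed only as a side effect of the `_overlapped_alloc` binding going out of scope at the end of the `if` block, which is easy to lose if someone later tidies away the apparently unused variable. `drop(mem::ManuallyDrop::into_inner(overlapped));` expresses the same thing explicitly and frees at a fixed point. The free is sound only if a zero return means the completion routine will never run for this `OVERLAPPED`. The new comment implies this, and it would read better stated as the invariant, e.g. `// SAFETY: the request was not queued, so handle_event never receives this pointer`.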