Skip to content

Fix variable deallocation order in panic unwinding paths #149434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix variable deallocation order in panic unwinding paths #149434

wants to merge 1 commit into from

Conversation

@sladyn98
Copy link
Contributor

@sladyn98 sladyn98 commented Nov 28, 2025
edited by rustbot
Loading

This PR fixes a soundness bug where local variables are deallocated out of order during panic unwinding, allowing destructors to access freed memory. This violates Rust's safety guarantees and has caused real-world unsoundness in crates like generatively.

This PR removes the is_generator check and unconditionally emits StorageDead statements during unwinding for ALL functions, bringing non-generator behavior in line with generators. It ensures that during unwinding, when a local variable goes out of scope, its storage is properly marked as dead via StorageDead, allowing the borrow checker to enforce the
invariant that values must outlive their references even in panic paths.

Fixes #147875

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Nov 28, 2025
@rustbot
Copy link
Collaborator

rustbot commented Nov 28, 2025

r? @jdonszelmann

rustbot has assigned @jdonszelmann.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot
Copy link
Collaborator

rustbot commented Nov 28, 2025

⚠️ Warning ⚠️

@sladyn98
Copy link
Contributor Author

sladyn98 commented Nov 28, 2025

r? @dianne

@rustbot rustbot assigned dianne and unassigned jdonszelmann Nov 28, 2025
@sladyn98
Copy link
Contributor Author

sladyn98 commented Nov 28, 2025

CC @traviscross

@sladyn98 sladyn98 closed this Nov 29, 2025
@rustbot rustbot removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Nov 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dianne dianne

Labels

T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Local variable deallocated out of order in the panic path?

4 participants

@sladyn98 @rustbot @jdonszelmann @dianne