Reference to ReleasePool can be broken #271
Comments
Regarding Option 2: Would this still support wrapping object? Also Option 3: LinkedList. This is similar to option 1, but interesting regarding performance. (You could make a science out of this and try linked fixed size slices, but for now it's definitely safety and simplicity over performance)

I can't imagine any problem around that...

Sounds good to me, though it's slower than `Vec`.

Option 3 can be amortized with a linked-list of preallocated buffers using the indexed crate

Ah I understand, thanks.

This seems to be a case of a use-after-free, which is an exploitable security vulnerability. Please add this issue to the Rust security advisory database so people could check if they're running a vulnerable version and upgrade. I see you've fixed a bunch of segfaults lately, so you might want to just specify the range of affected versions and declare that those shouldn't be used instead of filing each and every one as a separate vulnerability.
Please see #159 (comment) for detail.

Currently, the `register_owned`/`borrowed`/`pointer` methods return a reference to an element in `Vec`, like:

But, since `Vec`'s inner address can be changed by `realloc`, this reference can be an invalid one, and causes segfaults like #158. There can be some solutions for this.

1. Wrap by box

Current definition of release pool

to

so that each object has a consistent address.

Then we can get a consistent reference by

advantage
- Easy

disadvantage
- Allocation overhead

2. Remove ReleasePool

Remove release pool and rewrite all PyObject wrappers like `PyDict` and `PyList` to have a lifetime `'py`. E.g.

And also rewrite all constructors to return an owned type instead of returning `&'py`. E.g.

advantages
- Ergonomics improve
- No overhead

disadvantage
- Really big breaking change
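The realloc hazard behind this issue and the "wrap by box" fix, as an added Rust example that is not pyo3's code (`Obj`, `Report`, `run_vec_pool` and `run_box_pool` are hypothetical stand-ins for the release pool): it records the address handed out for the first registered wrapper, keeps registering until the `Vec` reallocates, and reports whether that address still points at the wrapper.

```rust
use std::ptr;

/// Stand-in for a PyObject wrapper held by the pool (hypothetical type).
#[allow(dead_code)]
struct Obj {
    id: usize,
    _payload: [u8; 32],
}

/// Outcome of one run: did the buffer reallocate, and does the address handed
/// out for the first wrapper still point at that wrapper afterwards?
#[derive(Debug, PartialEq)]
struct Report {
    grew: bool,
    first_still_valid: bool,
}

/// Current design: wrappers stored inline in a `Vec<Obj>`, so a reference
/// points into the Vec's heap buffer and dangles once a push reallocates it.
fn run_vec_pool(n: usize) -> Report {
    let mut pool: Vec<Obj> = Vec::with_capacity(1);
    pool.push(Obj { id: 0, _payload: [0; 32] });
    // Raw address only; it is compared, never dereferenced, so no UB here.
    let first: *const Obj = &pool[0];
    let mut keep_alive: Vec<Box<[u8; 64]>> = Vec::new();
    for id in 1..n {
        pool.push(Obj { id, _payload: [0; 32] });
        keep_alive.push(Box::new([0; 64])); // makes in-place realloc less likely
    }
    Report { grew: pool.capacity() > 1, first_still_valid: ptr::eq(first, &pool[0]) }
}

/// Option 1 from the issue: each wrapper is boxed, so the Vec only holds
/// pointers and a wrapper's address survives any reallocation of the Vec.
fn run_box_pool(n: usize) -> Report {
    let mut pool: Vec<Box<Obj>> = Vec::with_capacity(1);
    pool.push(Box::new(Obj { id: 0, _payload: [0; 32] }));
    let first: *const Obj = &*pool[0];
    for id in 1..n {
        pool.push(Box::new(Obj { id, _payload: [0; 32] }));
    }
    Report { grew: pool.capacity() > 1, first_still_valid: ptr::eq(first, &*pool[0]) }
}

fn main() {
    // Whether the Vec<Obj> address moves depends on the allocator (an in-place
    // realloc keeps it), which is why this kind of bug shows up intermittently.
    println!("Vec<Obj>:      {:?}", run_vec_pool(64));
    println!("Vec<Box<Obj>>: {:?}", run_box_pool(64));
}
```

The boxed pool is always stable; the inline pool is only stable when the allocator happened to grow the buffer in place, so a segfault like #158 appears only on some runs.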