Skip to content

invalid free with uniq-by-ref #969

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jruderman opened this issue Sep 24, 2011 · 5 comments
Closed

invalid free with uniq-by-ref #969

jruderman opened this issue Sep 24, 2011 · 5 comments
Assignees
@brson

Comments

@jruderman
Copy link
Contributor 

fn f(&i: ~int) { i = ~2; }
fn main() { f(~1); }

unique-fn-arg-mut_expr_8_12(66672,0xb060b000) malloc: *** error for object 0x1000000: pointer being freed was not allocated

(Based on src/test/run-pass/unique-fn-arg-mut.rs. The important change is not assigning ~1 to a local before passing it to f.)
@ghost ghost assigned brson Sep 24, 2011
@brson
Copy link
Contributor

brson commented Sep 24, 2011

Similarly, assigning a shared box to a mutable reference:

fn f(&i: @int) { i = @2; }
fn main() { f(@1); }

rt: fatal, 'leaked memory in rust main loop (1 objects)' failed, ../src/rt/memory_region.cpp:131 1 objects

@brson
Copy link
Contributor

brson commented Sep 25, 2011

So I think the problem is that immediates are spilled so they can be used as references, then the callee changes that spilled value; afterwards, the caller runs a cleanup which respills the old pointer.

@brson
Copy link
Contributor

brson commented Sep 25, 2011

Since this only affects mutating references to temporaries I kind of think we should just disallow it.

@marijnh
Copy link
Contributor

marijnh commented Sep 26, 2011

Disallowing moving out of temporaries will break a lot of existing code, and for no good reason. The compiler can see that it's dealing with a temporary (lval_result.is_mem is false iff the value is a temporary) and can simply revoke the cleanup on the caller side (I thought it was already doing that).

@marijnh
Copy link
Contributor

marijnh commented Sep 26, 2011

Hold on, I misread the example code, thinking it was passing by move. Passing a temporary by mutable value is indeed disallowed, but there was a bug in the mut checker that made it fail to catch that. This is fixed in 6164b72, which I guess closes this issue.

@marijnh marijnh closed this as completed Sep 26, 2011
bors pushed a commit to rust-lang-ci/rust that referenced this issue Oct 26, 2020
@bjorn3
Set RUSTDOCFLAGS
6f9a4fd 
Fixes rust-lang#969
coastalwhite pushed a commit to coastalwhite/rust that referenced this issue Aug 5, 2023
@tmiasko
Avoid calling intrinsics with invalid const arguments (rust-lang#969)
3231a90
celinval pushed a commit to celinval/rust-dev that referenced this issue Jun 4, 2024
@adpaco-aws @tedinski
Documentation: Structural changes (rust-lang#969)
fc87d91 
* Documentation: Structural changes

* Rename "Verification results" examples

* Revert some changes

* Add suggestions on usage

* Rename: "Limitations"->"Rust feature support"

* Undo example path renaming to introduction
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brson brson

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marijnh @brson @jruderman