mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix zero-sized reference to deallocated memory

Browse Source 
fixes #91772
This commit is contained in:
The 8472 2021-12-11 17:10:56 +01:00
parent 4a66a704b2
commit 9063b64cff
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/alloc/src/vec/drain.rs
View File

@ -128,10 +128,6 @@ fn drop(&mut self) {
let iter = mem::replace(&mut self.iter, (&mut []).iter());
let drop_len = iter.len();
let drop_ptr = iter.as_slice().as_ptr();
// forget iter so there's no aliasing reference
drop(iter);
let mut vec = self.vec;
@ -155,6 +151,12 @@ fn drop(&mut self) {
return;
}
// as_slice() must only be called when iter.len() is > 0 because
// vec::Splice modifies vec::Drain fields and may grow the vec which would invalidate
// the iterator's internal pointers. Creating a reference to deallocated memory
// is invalid even when it is zero-length
let drop_ptr = iter.as_slice().as_ptr();
unsafe {
// drop_ptr comes from a slice::Iter which only gives us a &[T] but for drop_in_place
// a pointer with mutable provenance is necessary. Therefore we must reconstruct