From a6d7f72070102980c81059bac99b32cf94eefe3a Mon Sep 17 00:00:00 2001
From: Rubens Brandao
Date: Wed, 22 May 2024 13:00:26 -0300
Subject: [PATCH 1/2] fix double-free with `Array`
---
rust/src/disassembly.rs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rust/src/disassembly.rs b/rust/src/disassembly.rs
index 1fd51cee9..6825d7edd 100644
--- a/rust/src/disassembly.rs
+++ b/rust/src/disassembly.rs
@@ -268,14 +268,14 @@ impl Drop for InstructionTextToken {
impl CoreArrayProvider for InstructionTextToken {
type Raw = BNInstructionTextToken;
type Context = ();
- type Wrapped<'a> = Self;
+ type Wrapped<'a> = &'a Self;
}
unsafe impl CoreArrayProviderInner for InstructionTextToken {
unsafe fn free(raw: *mut Self::Raw, count: usize, _context: &Self::Context) {
BNFreeInstructionText(raw, count)
}
unsafe fn wrap_raw<'a>(raw: &'a Self::Raw, _context: &'a Self::Context) -> Self::Wrapped<'a> {
- Self(*raw)
+ core::mem::transmute(raw)
}
}
From 5ae2db4a5be76bf68e81e0fa98e3751657b8ee40 Mon Sep 17 00:00:00 2001
From: Rubens Brandao
Date: Tue, 4 Jun 2024 12:34:10 -0300
Subject: [PATCH 2/2] fix double free caused by Array
---
rust/src/disassembly.rs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rust/src/disassembly.rs b/rust/src/disassembly.rs
index 6825d7edd..688a5374f 100644
--- a/rust/src/disassembly.rs
+++ b/rust/src/disassembly.rs
@@ -282,14 +282,14 @@ unsafe impl CoreArrayProviderInner for InstructionTextToken {
impl CoreArrayProvider for Array {
type Raw = BNInstructionTextLine;
type Context = ();
- type Wrapped<'a> = Self;
+ type Wrapped<'a> = mem::ManuallyDrop;
}
unsafe impl CoreArrayProviderInner for Array {
unsafe fn free(raw: *mut Self::Raw, count: usize, _context: &Self::Context) {
BNFreeInstructionTextLines(raw, count)
}
unsafe fn wrap_raw<'a>(raw: &'a Self::Raw, _context: &'a Self::Context) -> Self::Wrapped<'a> {
- Self::new(raw.tokens, raw.count, ())
+ mem::ManuallyDrop::new(Self::new(raw.tokens, raw.count, ()))
}
}
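Review bot: The `core::mem::transmute(raw)` in `wrap_raw` converts a `&'a BNInstructionTextToken` into a `&'a InstructionTextToken` and is only sound if `InstructionTextToken` is `#[repr(transparent)]` over its single `BNInstructionTextToken` field; that attribute is outside this hunk, so it should be confirmed, and the conversion should carry a `// SAFETY:` note that states it. Returning a borrow instead of `Self(*raw)` does remove the second owner whose `Drop` (the `impl Drop for InstructionTextToken` in the hunk context) freed the token again after the array's `free`, which is the double free the commit fixes. I would spell the conversion out as a pointer cast so the reference-to-reference intent and both types are visible: `// SAFETY: InstructionTextToken is #[repr(transparent)] over BNInstructionTextToken, and the borrow leaves the array as sole owner, so no second Drop runs.` followed by `&*(raw as *const Self::Raw as *const Self)`. A `const _: () = assert!(core::mem::size_of::<BNInstructionTextToken>() == core::mem::size_of::<InstructionTextToken>());` next to the struct definition would turn a future layout mismatch into a compile error rather than undefined behaviour.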
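Review bot: The new `Wrapped<'a> = mem::ManuallyDrop<...>` (the type argument is stripped on this page, presumably `Self`) does not mention `'a`, so the `Array` view that `wrap_raw` builds from `raw.tokens` is not tied to the borrow of the parent `BNInstructionTextLine`; if the iterator that yields `Wrapped<'a>` lets a caller keep the item past the parent array, `raw.tokens` dangles once `BNFreeInstructionTextLines` runs — whether that is reachable depends on `Array::iter`, which is outside this hunk. Suppressing the inner `Drop` with `ManuallyDrop` is a correct way to stop the nested array's `free` from releasing memory the outer line also frees, but that reason belongs next to the code: `// SAFETY: tokens is owned by the parent BNInstructionTextLine and released by BNFreeInstructionTextLines, so the inner Array must never run its own free; ManuallyDrop suppresses that Drop.` To pin the lifetime, either add a `PhantomData<&'a ()>` to the wrapped type or make `Wrapped<'a>` a borrowing view over the raw tokens instead of an owning `Array`.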