Merge pull request #571 from CosmWasm/fix-ptr-bug

Fix pointer problem
CosmWasm · Nov 13, 2024 · 7ba94cd · 7ba94cd
2 parents cb4b649 + ca5f3d3
commit 7ba94cd
Showing 1 changed file with 20 additions and 6 deletions.
diff --git a/libwasmvm/src/memory.rs b/libwasmvm/src/memory.rs
@@ -217,10 +217,18 @@ impl UnmanagedVector {
         match source {
             Some(data) => {
                 let (ptr, len, cap) = {
-                    // Can be replaced with Vec::into_raw_parts when stable
-                    // https://doc.rust-lang.org/std/vec/struct.Vec.html#method.into_raw_parts
-                    let mut data = mem::ManuallyDrop::new(data);
-                    (data.as_mut_ptr(), data.len(), data.capacity())
+                    if data.capacity() == 0 {
+                        // we need to explicitly use a null pointer here, since `as_mut_ptr`
+                        // always returns a dangling pointer (e.g. 0x01) on an empty Vec,
+                        // which trips up Go's pointer checks.
+                        // This is safe because the Vec has not allocated, so no memory is leaked.
+                        (std::ptr::null_mut::<u8>(), 0, 0)
+                    } else {
+                        // Can be replaced with Vec::into_raw_parts when stable
+                        // https://doc.rust-lang.org/std/vec/struct.Vec.html#method.into_raw_parts
+                        let mut data = mem::ManuallyDrop::new(data);
+                        (data.as_mut_ptr(), data.len(), data.capacity())
+                    }
                 };
                 Self {
                     is_none: false,
@@ -261,6 +269,12 @@ impl UnmanagedVector {
     pub fn consume(self) -> Option<Vec<u8>> {
         if self.is_none {
             None
+        } else if self.cap == 0 {
+            // capacity 0 means the vector was never allocated and
+            // the ptr field does not point to an actual byte buffer
+            // (we normalize to `null` in `UnmanagedVector::new`),
+            // so no memory is leaked by ignoring the ptr field here.
+            Some(Vec::new())
         } else {
             Some(unsafe { Vec::from_raw_parts(self.ptr, self.len, self.cap) })
         }
@@ -349,7 +363,7 @@ mod test {
         // Empty data
         let x = UnmanagedVector::new(Some(vec![]));
         assert!(!x.is_none);
-        assert_eq!(x.ptr as usize, 0x01); // We probably don't get any guarantee for this, but good to know where the 0x01 marker pointer can come from
+        assert_eq!(x.ptr as usize, 0);
         assert_eq!(x.len, 0);
         assert_eq!(x.cap, 0);
 
@@ -373,7 +387,7 @@ mod test {
         // Empty data
         let x = UnmanagedVector::some(vec![]);
         assert!(!x.is_none);
-        assert_eq!(x.ptr as usize, 0x01); // We probably don't get any guarantee for this, but good to know where the 0x01 marker pointer can come from
+        assert_eq!(x.ptr as usize, 0);
         assert_eq!(x.len, 0);
         assert_eq!(x.cap, 0);
     }