hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Add test case for rust/access-after-lifetime-ended involving an invalidated reference.

Browse Source
This commit is contained in:
Geoffrey White
2025-12-09 14:32:12 +00:00
committed by Simon Friis Vindum
parent ade7815125
commit 506a1ea0b8
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
rust/ql/test/query-tests/security/CWE-825/deallocation.rs
View File

@@ -403,3 +403,29 @@ pub fn test_vec_reserve() {
println!(" v4 = {}", v4); // corrupt in practice
}
}
// --- pointer to reference ---
pub fn test_pointer_converted_to_reference() {
let layout = std::alloc::Layout::new::<u128>();
let m3;
// allocate
unsafe {
let m1 = std::alloc::alloc(layout); // *mut u8
let m2 = m1 as *mut u128; // *mut u128
m3 = &mut *m2; // &u128
}
*m3 = 1; // GOOD
println!(" v1 = {}", *m3); // GOOD
// free
unsafe {
std::alloc::dealloc((&raw mut *m3) as *mut u8, layout); // $ MISSING: Source[rust/access-invalid-pointer]=dealloc
}
// (m1, m2, m3 are now dangling)
// (this is corrupt in practice)
println!(" v2 = {} (!)", *m3); // $ MISSING: Alert[rust/access-invalid-pointer]=dealloc
}

3
rust/ql/test/query-tests/security/CWE-825/main.rs
View File

@@ -143,6 +143,9 @@ fn main() {
println!("test_vec_reserve:");
test_vec_reserve();
println!("test_pointer_converted_to_reference:");
test_pointer_converted_to_reference();
// ---
println!("test_local_dangling:");