Imprecise error message when doing inbounds pointer arithmetic on pointer to freed allocation #2859

Closed
DoubleHyphen opened this issue Apr 27, 2023 · 2 comments

@DoubleHyphen

This is probably rather niche, but it seems like a low-hanging fruit.
Here is a code example:

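    fn main() {
        // `a` goes out of scope at the end of this block, so `x` is left dangling.
        let x: *const u8 = {
            let a = 0u8;
            &a
        };
        unsafe {
            // Offset of zero: the pointer's value does not change.
            let _x = x.add(0);
        }
    }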

Error message

error: Undefined Behavior: pointer to alloc1494 was dereferenced after this allocation got freed

Except… nothing was dereferenced. The pointer's value didn't even change.

From what I gathered by reading the documentation, .add creates immediate UB if it outputs a pointer whose dereferencing would be illegal, which is exactly the case here; indeed, although the value doesn't change, it's UB according to the documentation. But it's not exactly correct to claim that it was dereferenced when it wasn't.

@RalfJung
Member

Yeah, the code that checks dereferenceability and offset-inbounds is shared, but clearly we should differentiate this for the error message. We do this successfully (I think) for the message saying that the pointer is not in-bounds, but use-after-free is checked earlier. Probably PointerUseAfterFree should also take a CheckInAllocMsg.

@RalfJung changed the title from "Imprecise error message when creating dangling pointer with add" to "Imprecise error message when doing inbounds pointer arithmetic on pointer to freed allocation" on Apr 28, 2023
@DoubleHyphen
Author

Just tried this again on the playground. This time it failed with

error: Undefined Behavior: out-of-bounds pointer arithmetic: alloc1290 has been freed, so this pointer is dangling

which is pretty much all it needs to say. Closing issue as a result.
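The design point discussed in this thread, as an added example that is not part of the issue and is not Miri's code: one shared check serves both dereferences and in-bounds offsets, and the caller's context is passed into the freed-allocation branch as well as the bounds branch. The names `CheckKind`, `Alloc` and `check_in_alloc`, and the message wording other than the arithmetic use-after-free text quoted above, are assumptions.

```rust
// Toy model, not Miri's implementation. All names are hypothetical; only the
// "out-of-bounds pointer arithmetic: ... has been freed" wording is from the issue.
#[derive(Clone, Copy)]
enum CheckKind {
    Deref,
    InboundsArithmetic,
}

impl CheckKind {
    fn prefix(self) -> &'static str {
        match self {
            CheckKind::Deref => "memory access failed", // constructed wording
            CheckKind::InboundsArithmetic => "out-of-bounds pointer arithmetic",
        }
    }
}

struct Alloc {
    size: usize,
    live: bool,
}

/// One check shared by dereferences (`len` > 0) and in-bounds offsets (`len` == 0).
fn check_in_alloc(
    allocs: &[Alloc], id: usize, offset: usize, len: usize, kind: CheckKind,
) -> Result<(), String> {
    let p = kind.prefix();
    let alloc = allocs.get(id).ok_or_else(|| format!("{p}: alloc{id} does not exist"))?;
    // Liveness is tested before bounds, so this branch needs `kind` too;
    // without it every caller would get the same "was dereferenced" text.
    if !alloc.live {
        return Err(format!("{p}: alloc{id} has been freed, so this pointer is dangling"));
    }
    // One-past-the-end is allowed: offset + len may equal the size.
    match offset.checked_add(len) {
        Some(end) if end <= alloc.size => Ok(()),
        _ => Err(format!("{p}: alloc{id} has size {}, so offset {offset} is out of bounds", alloc.size)),
    }
}

fn main() {
    // Constructed state: alloc0 is a freed 1-byte local, alloc1 is still live.
    let allocs = [Alloc { size: 1, live: false }, Alloc { size: 1, live: true }];
    println!("{:?}", check_in_alloc(&allocs, 0, 0, 0, CheckKind::InboundsArithmetic));
    println!("{:?}", check_in_alloc(&allocs, 0, 0, 1, CheckKind::Deref));
    println!("{:?}", check_in_alloc(&allocs, 1, 1, 0, CheckKind::InboundsArithmetic));
}
```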
