- Reported
-
- Issued
-
- Package
-
hivex
(crates.io)
- Type
-
INFO
Unsound
- Keywords
-
#double-free
#use-after-free
#undefined-behavior
- References
-
- Patched
-
- Affected Functions
- Version
hivex::Hive::close
-
hivex::Hive::from_handle
-
Description
Drop implementation for Hive did perform free, but so did Hive::close, which,
at the end of the scope performed Drop, therefore triggering double-free.
Additionally, function Hive::from_handle was not marked as unsafe, making it,
in combination with as_handle easy to clone and trigger double-free in safe
code or triggering UB when using invalid pointer.
Advisory available under CC0-1.0
license.