Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Safety mistake? when calling binding function #232

Open
ozgrakkurt opened this issue Sep 5, 2023 · 6 comments
Open

Safety mistake? when calling binding function #232

ozgrakkurt opened this issue Sep 5, 2023 · 6 comments

Comments

@ozgrakkurt
Copy link
Contributor

Shouldn't this be marked unsafe?

node-bindgen/nj-core/src/basic.rs

Line 328 in 952a08a

pub fn create_reference(&self, cons: napi_value, count: u32) -> Result<napi_ref, NjError> {

If it call this with a null pointer or something like that, it is ub?
@digikata
Copy link
Collaborator

digikata commented Sep 5, 2023

It looks like create_reference is intended to set the pointer, so as long as the allocated pointer size is consistent and create_reference isn't trying to deref that pointer it seems ok. But thats and assumption, the code to create_reference should be checked.

@sehz
Copy link
Collaborator

sehz commented Sep 5, 2023
edited
Loading

macro napi_call_result already encapsulates unsafe thus caller can avoid it. See https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html

@ozgrakkurt
Copy link
Contributor Author

But the cons arg is a raw pointer so theoretically some user can pass anything in there and then it can be safety issue because there is no check about validity of that pointer. Also checked napi docs but it doesn't say anything

@sehz
Copy link
Collaborator

sehz commented Sep 5, 2023

I guess we can mark as unsafe

@digikata
Copy link
Collaborator

digikata commented Sep 5, 2023

It seems like there is a implicit conversion from ptr -> napi_ref that the lib should maybe make more explicit so any ptr can't be converted. If the creation of napi_ref was more protected, then it might be more secure to use the napi_ref. Is create_reference the only way to end up with a napi_ref?

@ozgrakkurt
Copy link
Contributor Author

It seems like there is a implicit conversion from ptr -> napi_ref that the lib should maybe make more explicit so any ptr can't be converted. If the creation of napi_ref was more protected, then it might be more secure to use the napi_ref. Is create_reference the only way to end up with a napi_ref?

I am looking into how to make it safe, also meanwhile working on temporary fix to segfault issue.

This kind of safety issue is everywhere in the library so seems like we would need to do big refactor to fix it.

For example this also seems unsafe to me:

node-bindgen/nj-core/src/basic.rs

Line 377 in 952a08a

pub fn unwrap<T>(&self, js_this: napi_value) -> Result<&'static T, NjError> {

not sure who has the ownership of the T value after this call

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@digikata @sehz @ozgrakkurt