StrcCtx deallocates a memory region that it doesn't own

[Qwaz]

rust-arch/alpm-rs/src/macros.rs

Lines 18 to 38 in 8458c22

	// createates a raw c-string
	// and deallocates it in the deconstructor
	pub struct StrcCtx{
	pub ptr: *mut c_char,
	}
	impl StrcCtx {
	pub fn new(s: &str) -> StrcCtx{
	StrcCtx{
	ptr: strc_noctx!(s),
	}
	}
	}
	impl Drop for StrcCtx{
	fn drop(&mut self) {
	unsafe{
	let _ = str_fromraw!(self.ptr);
	}
	}
	}

Description

StrcCtx deallocate a memory region that it doesn't own when StrcCtx is created without using StrcCtx::new.
This can introduce memory safety issues such as double-free and use-after-free to client programs.

Demonstration

Crate: alpm-rs
Version: 0.1.24
OS: Ubuntu 18.04.5 LTS
Rust: rustc 1.45.2 (d3fb005a3 2020-07-31)

#![forbid(unsafe_code)]

use alpm_rs::macros::StrcCtx;

fn main() {
    let mut v1: Vec<i8> = vec![1, 2, 3, 0];
    let _ = StrcCtx {
        ptr: v1.as_mut_ptr(),
    };

    // use-after-free in v1
    // v1 and v2 are backed by the same buffer
    let v2: Vec<i8> = vec![4, 5, 6, 0];

    let measure1 = v2[0];
    v1[0] = 123;
    let measure2 = v2[0];

    assert_eq!(measure1, measure2);
}

Output:

thread 'main' panicked at 'assertion failed: `(left == right)`
  left: `4`,
 right: `123`', src/main.rs:38:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Return Code: 101

[Morganamilo]

I understand this comes from a run of Rudra, but this repo seems rather unfinished and dead. There are official alpm bindings at https://github.com/archlinux/alpm.rs. This repo should probably be archived if the author is still around.