On Mon, Jun 23, 2025 at 03:40:05PM +0200, Benno Lossin wrote:
> On Mon Jun 23, 2025 at 2:51 PM CEST, Danilo Krummrich wrote:
> > On Mon, Jun 23, 2025 at 12:01:14PM +0000, Alice Ryhl wrote:
> >> On Sun, Jun 22, 2025 at 06:40:41PM +0200, Danilo Krummrich wrote:
> >> > +pub fn register_release<P>(dev: &Device<Bound>, data: P) -> Result
> >> > +where
> >> > + P: ForeignOwnable,
> >> > + for<'a> P::Borrowed<'a>: Release,
> >>
> >> I think we need where P: ForeignOwnable + 'static too.
> >>
> >> otherwise I can pass something with a reference that expires before the
> >> device is unbound and access it in the devm callback as a UAF.
> >
> > I can't really come up with an example for such a case, mind providing one? :)
>
>     {
>         let local = MyLocalData { /* ... */ };
>         let data = Arc::new(Data { r: &local });
>         devres::register_release(dev, data)?;
>     }
>     // devres still holds onto `data`, but that points at `MyLocalData`
>     // which is on the stack and freed here...

Thanks for providing the example, I think I slightly misunderstood. Gonna add
the corresponding lifetime bound.
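
Review bot: in the `where` clause of the quoted `register_release` hunk, `P` is bounded only by `ForeignOwnable`, so nothing requires the registered data to outlive the caller's scope, while its `Release` hook is reached from the devm callback, which can run after a borrow inside `P` has ended. Suggest `P: ForeignOwnable + 'static,` plus a sentence in the function's documentation saying why the bound is required, so it is not relaxed later.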
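
A userspace model of the case in the quoted snippet, added here as an example (not code from the patch or from the kernel): once an `Arc` is turned into a raw pointer the borrow checker no longer tracks what it borrows, so the `'static` bound on the registration function is the only thing that rejects `Data { r: &local }`. `Device`, `Data`, `unbind` and `call_release` are hypothetical stand-ins, and `Arc::into_raw` is assumed here as a stand-in for the pointer conversion done through `ForeignOwnable`.

```rust
// Userspace model; every name here is hypothetical, not the kernel's devres API.
use std::ffi::c_void;
use std::sync::atomic::{AtomicU32, Ordering};
use std::sync::Arc;

static SEEN: AtomicU32 = AtomicU32::new(0);

pub trait Release { fn release(&self); }

pub struct Data<'a> { pub r: &'a u32 }

impl Release for Data<'_> {
    fn release(&self) {
        // Reads through the borrow: a use-after-free if `r` has already expired.
        SEEN.store(*self.r, Ordering::SeqCst);
    }
}

/// Model of a device's action list: type-erased pointer plus its callback.
#[derive(Default)]
pub struct Device {
    actions: Vec<(*mut c_void, unsafe fn(*mut c_void))>,
}

unsafe fn call_release<T: Release>(ptr: *mut c_void) {
    let data = unsafe { Arc::from_raw(ptr as *const T) };
    data.release();
}

/// `Arc::into_raw` drops all lifetime information, so only the `'static`
/// bound stops `T` from borrowing something that dies before `unbind`.
pub fn register_release<T: Release + 'static>(dev: &mut Device, data: Arc<T>) {
    let f = call_release::<T> as unsafe fn(*mut c_void);
    dev.actions.push((Arc::into_raw(data) as *mut c_void, f));
}

/// Model of device unbind: run every registered action, return the last value seen.
pub fn unbind(dev: &mut Device) -> u32 {
    for (ptr, f) in dev.actions.drain(..) {
        unsafe { f(ptr) };
    }
    SEEN.load(Ordering::SeqCst)
}

fn main() {
    static LONG_LIVED: u32 = 7; // constructed sample value
    let mut dev = Device::default();
    // Swapping in `Data { r: &local }` for a stack `local` fails to compile.
    register_release(&mut dev, Arc::new(Data { r: &LONG_LIVED }));
    println!("release saw {}", unbind(&mut dev));
}
```

Removing `+ 'static` from `register_release` makes the stack-local variant compile, and the read in `release` then happens after the borrowed value is gone.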