|
| 1 | +#feature on safety |
| 2 | + |
| 3 | +#include <std2.h> |
| 4 | + |
| 5 | +using namespace std2; |
| 6 | + |
| 7 | +struct S/(a) |
| 8 | +{ |
| 9 | + cell<optional<S/a const^/a>> x_; |
| 10 | + box<int> p_; |
| 11 | + |
| 12 | + S(box<int> p) safe |
| 13 | + : x_(optional<S/a const^/a>(.none)) |
| 14 | + , p_(rel p) |
| 15 | + { |
| 16 | + } |
| 17 | + |
| 18 | + ~S() safe { |
| 19 | + match(x_.get()) { |
| 20 | + .some(r) => println(*r->p_); |
| 21 | + .none => void(); |
| 22 | + }; |
| 23 | + } |
| 24 | +}; |
| 25 | + |
| 26 | +int main() safe |
| 27 | +{ |
| 28 | + { |
| 29 | + S s1(box<int>(1234)); |
| 30 | + S s2(box<int>(4321)); |
| 31 | + s1.x_.set(.some(^const s2)); |
| 32 | + s2.x_.set(.some(^const s1)); |
| 33 | + } |
| 34 | +} |
| 35 | + |
| 36 | +// outputs: |
| 37 | +// ❯ valgrind ./cell_box_uaf |
| 38 | +// ==352616== Memcheck, a memory error detector |
| 39 | +// ==352616== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. |
| 40 | +// ==352616== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info |
| 41 | +// ==352616== Command: ./cell_box_uaf |
| 42 | +// ==352616== |
| 43 | +// 1234 |
| 44 | +// ==352616== Invalid read of size 4 |
| 45 | +// ==352616== at 0x4013E2: S::~S() (in /home/exbigboss/cpp/circle-root/safe-cpp/cell_box_uaf) |
| 46 | +// ==352616== by 0x401294: main (in /home/exbigboss/cpp/circle-root/safe-cpp/cell_box_uaf) |
| 47 | +// ==352616== Address 0x4e2c0d0 is 0 bytes inside a block of size 4 free'd |
| 48 | +// ==352616== at 0x484A164: operator delete(void*) (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) |
| 49 | +// ==352616== by 0x4015B5: std2::box<int>::~box() (in /home/exbigboss/cpp/circle-root/safe-cpp/cell_box_uaf) |
| 50 | +// ==352616== by 0x4013FE: S::~S() (in /home/exbigboss/cpp/circle-root/safe-cpp/cell_box_uaf) |
| 51 | +// ==352616== by 0x40128A: main (in /home/exbigboss/cpp/circle-root/safe-cpp/cell_box_uaf) |
| 52 | +// ==352616== Block was alloc'd at |
| 53 | +// ==352616== at 0x48479E8: operator new(unsigned long, std::nothrow_t const&) (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) |
| 54 | +// ==352616== by 0x4012D6: std2::box<int>::box(int) (in /home/exbigboss/cpp/circle-root/safe-cpp/cell_box_uaf) |
| 55 | +// ==352616== by 0x401223: main (in /home/exbigboss/cpp/circle-root/safe-cpp/cell_box_uaf) |
| 56 | +// ==352616== |
| 57 | +// 4321 |
| 58 | +// ==352616== |
| 59 | +// ==352616== HEAP SUMMARY: |
| 60 | +// ==352616== in use at exit: 0 bytes in 0 blocks |
| 61 | +// ==352616== total heap usage: 4 allocs, 4 frees, 74,760 bytes allocated |
| 62 | +// ==352616== |
| 63 | +// ==352616== All heap blocks were freed -- no leaks are possible |
0 commit comments