Hello, thank you for your contribution in this project. I am scanning the unsound problem in rust project and I notice the following code.
pub fn store(ts: *mut ffi::PyThreadState) -> PyThreadStateUnlimited {
match VERSION.1 {
6 => {
let ts = ts as *mut PyThreadStateUnlimited3_6;
unsafe {
let unlimited = PyThreadStateUnlimited {
frame: (*ts).frame,
recursion_depth: (*ts).recursion_depth,
exc_type: (*ts).exc_type,
exc_value: (*ts).exc_value,
exc_traceback: (*ts).exc_traceback,
..Default::default()
};
(*ts).frame = std::ptr::null_mut();
(*ts).recursion_depth = 0;
(*ts).exc_type = std::ptr::null_mut();
(*ts).exc_value = std::ptr::null_mut();
(*ts).exc_traceback = std::ptr::null_mut();
unlimited
}
}
...................................
consider this is a pub fn and loader is a pub mod, I assume the user can direct call the store function. If the user pass a eg. null pointer to ts, it will lead to a UB in rust.
Hello, thank you for your contribution in this project. I am scanning the unsound problem in rust project and I notice the following code.
consider this is a pub fn and loader is a pub mod, I assume the user can direct call the store function. If the user pass a eg. null pointer to ts, it will lead to a UB in rust.