Skip to content
This repository has been archived by the owner on Feb 18, 2024. It is now read-only.

Cloning ArrowArray causes segfault on drop. #880

Closed
zirconium-n opened this issue Mar 3, 2022 · 3 comments · Fixed by #882
Closed

Cloning ArrowArray causes segfault on drop. #880

zirconium-n opened this issue Mar 3, 2022 · 3 comments · Fixed by #882
Labels
bug Something isn't working no-changelog Issues whose changes are covered by a PR and thus should not be shown in the changelog

Comments

@zirconium-n
Copy link

Following code easily segfault. Ffi_ArrowArray's Clone or Drop is incorrect, or did I break contract of export_array_to_c?

use std::sync::Arc;

use arrow2::array::UInt32Array;
use arrow2::ffi::{Ffi_ArrowArray, export_array_to_c};

fn main() {
    let arr = Arc::new(UInt32Array::from_vec(vec![1, 2, 3, 4]));
    let mut arr_ffi = Ffi_ArrowArray::empty();

    unsafe {
        export_array_to_c(arr.clone(), &mut arr_ffi as *mut _);
    };

    let _ = arr_ffi.clone();

    // Segfault on drop
}
@jorgecarleitao
Copy link
Owner

jorgecarleitao commented Mar 3, 2022
edited
Loading

Thank you very much for this report 🙇

I agree that this is a (serious) issue. My understanding is that we must not #derive Clone, since there is no guarantees over the pointers' lifetimes when the derived clone is used together with our implementation of Drop.

If you agree with this assessment, I suggest the following course of action:

  1. Create a fix (remove the derive(Clone)) and backport it for:

    • 0.7
    • 0.8
    • 0.9
    • latest main

  2. create an entry in the rust advisory so that we can communicate the fix and mitigations (i.e. do not clone FFi_ArrowArray).

Let me know what do you think.

@jorgecarleitao jorgecarleitao added the bug Something isn't working label Mar 3, 2022
@zirconium-n
Copy link
Author

Yes, I agree removing #[derive(Clone)] is the best solution.

Another way would be removing impl Drop and provide a unsafe fn drop_array, but it's probably too hard to use it correctly.

P.S. ArrowSchema and ArrowArrayStream have the same problem too.

@jorgecarleitao jorgecarleitao mentioned this issue Mar 4, 2022
Merged
@jorgecarleitao
Copy link
Owner

I have now fixed this in main, v0.7, v0.8 and v0.9. I has created an advisory, RUSTSEC-2022-0012 via rustsec/advisory-db#1204

Thank you again for this report that positively contributes to the soundness of this crate in particular and rust's ecosystem more broadly.

@youngsofun youngsofun mentioned this issue Mar 5, 2022
Closed
@jorgecarleitao jorgecarleitao changed the title Cloning Ffi_ArrowArray causes segfault on drop. Cloning ArrowArray causes segfault on drop. Mar 6, 2022
@jorgecarleitao jorgecarleitao added the no-changelog Issues whose changes are covered by a PR and thus should not be shown in the changelog label Mar 6, 2022
@wangfenjin wangfenjin mentioned this issue Mar 12, 2022
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working no-changelog Issues whose changes are covered by a PR and thus should not be shown in the changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixed unsoundness of #derive(Clone) for FFI structs jorgecarleitao/arrow2
2 participants
@jorgecarleitao @zirconium-n