Skip to content

Comments

fix: tie rust export borrows to analysis lifetime#17

Merged
anonrig merged 1 commit intonodejs:mainfrom
cijiugechu:fix/rust-lifetime-soundness
Feb 25, 2026
Merged

fix: tie rust export borrows to analysis lifetime#17
anonrig merged 1 commit intonodejs:mainfrom
cijiugechu:fix/rust-lifetime-soundness

Conversation

@cijiugechu
Copy link
Contributor

@cijiugechu cijiugechu commented Feb 25, 2026
edited
Loading

Resolves #16 .

Currently compiler can check UAF correctly :

Checking merve v1.1.0 (/home/baka/repos/merve/rust)
error[E0597]: `analysis` does not live long enough
 --> examples/unsound_check.rs:7:9
  |
5 |     let leaked: &str = {
  |         ------ borrow later stored here
6 |         let analysis = parse_commonjs(&src).unwrap();
  |             -------- binding `analysis` declared here
7 |         analysis.export_name(0).unwrap()
  |         ^^^^^^^^ borrowed value does not live long enough
8 |     };
  |     - `analysis` dropped here while still borrowed
For more information about this error, try `rustc --explain E0597`.
error: could not compile `merve` (example "unsound_check") due to 1 previous error

anonrig
anonrig approved these changes Feb 25, 2026
View reviewed changes
Copy link
Member

@anonrig anonrig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a test that verifies this?

@anonrig anonrig merged commit 0fed125 into nodejs:main Feb 25, 2026
18 checks passed
@cijiugechu
Copy link
Contributor Author

cijiugechu commented Feb 25, 2026

Can you add a test that verifies this?

Added in #19 .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anonrig anonrig anonrig approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Unsoundness in Rust bindings

2 participants

@cijiugechu @anonrig