Skip to content

fix: prevent use-after-free risk in dual reallocation #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nh13 merged 1 commit into from
Dec 25, 2025
Merged

fix: prevent use-after-free risk in dual reallocation #99

nh13 merged 1 commit into from
Dec 25, 2025
+14 −6

Conversation

@nh13
Copy link
Owner

@nh13 nh13 commented Dec 22, 2025
edited by coderabbitai bot
Loading

Summary

  • Check each realloc return value immediately before the next allocation
  • Fixed in both occurrences in generate_errors_flows()

Closes #98

Test plan

  • Build succeeds
  • Integration tests pass

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes
    • Improved error handling and reporting for memory allocation failures, providing more granular diagnostic messages when buffer expansion encounters issues during data processing.

✏️ Tip: You can customize this high-level summary in your review settings.

@nh13 @claude
fix: prevent use-after-free risk in dual reallocation
1d8a4d3 
Check each realloc return value immediately before the next allocation.
Previously, both reallocs were performed before checking either result,
which could leave memory in an inconsistent state if the second failed
after the first succeeded.

Closes #98

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@coderabbitai
Copy link

coderabbitai bot commented Dec 22, 2025
edited
Loading

📝 Walkthrough

Walkthrough

The changes refactor memory allocation error checking in generate_errors_flows() to validate each buffer reallocation independently instead of performing both operations before checking results. Two separate allocation sites are updated to check and assign each pointer immediately after its realloc call, preventing potential use-after-free scenarios.

Changes

Cohort / File(s) Summary
Memory allocation validation
src/dwgsim.c		 Split combined realloc error check into granular per-pointer validation in two locations (seq/mask buffer expansion). Each realloc now checked immediately before the next allocation, with distinct error messages for seq and mask failures.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Hop hop, a fix so neat and fine,
Two checks now dance in perfect line,
No more use-after-free's sneaky call,
Each buffer checked before the fall!
Memory safe, our code runs strong,
The rabbit's path has been all along! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix: prevent use-after-free risk in dual reallocation' directly summarizes the main objective of the PR: addressing a use-after-free vulnerability when reallocating memory buffers.
Linked Issues check ✅ Passed The PR changes correctly implement the proposed fix from issue #98: checking each realloc return value immediately and assigning before the next allocation, eliminating the use-after-free risk in both code locations.
Out of Scope Changes check ✅ Passed All changes are scoped to the linked issue #98 objectives: the modifications only affect memory allocation error checking in generate_errors_flows() with no extraneous changes.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/use-after-free-reallocation
📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 26e3aa9 and 1d8a4d3.

📒 Files selected for processing (1)
  • src/dwgsim.c
🔇 Additional comments (2)
src/dwgsim.c (2)

293-308: LGTM! Proper fix for use-after-free risk.

The refactor correctly addresses the issue by checking and assigning each realloc result immediately before performing the next allocation. This prevents the inconsistent state that could occur if temp_mask realloc failed after temp_seq succeeded. The specific error messages for each buffer are also an improvement.

374-389: LGTM! Second occurrence correctly fixed.

This second allocation site applies the same safe pattern: each realloc is checked and assigned independently, eliminating the use-after-free risk. The implementation is consistent with the first occurrence.

Comment @coderabbitai help to get the list of available commands and usage tips.

@nh13
Copy link
Owner Author

nh13 commented Dec 25, 2025

@coderabbitai review

@coderabbitai
Copy link

coderabbitai bot commented Dec 25, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@nh13 nh13 merged commit e423254 into main Dec 25, 2025
2 checks passed
@nh13 nh13 deleted the fix/use-after-free-reallocation branch December 25, 2025 03:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix: use-after-free risk in dual reallocation

2 participants

@nh13