https://github.com/apache/incubator-teaclave-sgx-sdk/blob/3c903bdac4e503dd27b9b1f761c4abfc55f2464c/samplecode/localattestation/attestation/src/func.rs#L144-L145
https://github.com/apache/incubator-teaclave-sgx-sdk/blob/3c903bdac4e503dd27b9b1f761c4abfc55f2464c/samplecode/dcap-pckretrieval/qpl/src/lib.rs#L138
with `Box::into_raw()`, the pointee is on the heap. Multiple assignments will
cause leak of the old value.
Probable fix is like:
If `session_request_safe` should only be called once, adding an Atomic to
guarantee assigning only once.
```Rust
const UNINITIALIZED: usize = 0;
const INITIALIZING: usize = 1;
const INITIALIZED: usize = 2;
static GLOBAL_INIT: AtomicUsize = AtomicUsize::new(UNINITIALIZED);
pub struct SetGlobalDefaultError {
_no_construct: (),
}
// in `session_request_safe`
if GLOBAL_INIT
.compare_exchange(
UNINITIALIZED,
INITIALIZING,
Ordering::SeqCst,
Ordering::SeqCst,
)
.is_ok()
{
let ptr = Box::into_raw(Box::new(session_info));
*session_ptr = ptr as * mut _ as usize;
}
```
Otherwise add the else branch:
```Rust
else {
drop(Box::from_raw(*session_ptr));
let ptr = Box::into_raw(Box::new(session_info));
*session_ptr = ptr as * mut _ as usize;
}
```
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/441
You are receiving this because you are subscribed to this thread.
Message ID: <apache/incubator-teaclave-sgx-sdk/issues/4...@github.com>
