Shrink buffer down to length to uphold safety invariant

CosmWasm · Mar 19, 2024 · f3ae0fd · f3ae0fd
1 parent f1fa4bb
commit f3ae0fd
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/packages/std/src/memory.rs b/packages/std/src/memory.rs
@@ -33,8 +33,13 @@ pub fn alloc(size: usize) -> *mut Region {
 /// Similar to alloc, but instead of creating a new vector it consumes an existing one and returns
 /// a pointer to the Region (preventing the memory from being freed until explicitly called later).
 ///
-/// The resulting Region has capacity = length, i.e. the buffer's capacity is ignored.
-pub fn release_buffer(buffer: Vec<u8>) -> *mut Region {
+/// The resulting Region has capacity = length, the buffer capacity is shrunk down to its length.
+pub fn release_buffer(mut buffer: Vec<u8>) -> *mut Region {
+    // Shrinking the buffer down to the length is important to uphold a safety invariant by the `dealloc` method.
+    // Passing in a differing size into the `dealloc` layout is considered undefined behaviour.
+    //
+    // See: <https://doc.rust-lang.org/stable/alloc/alloc/trait.GlobalAlloc.html#safety-2>
+    buffer.shrink_to_fit();
     let region = build_region(&buffer);
     mem::forget(buffer);
     Box::into_raw(region)