Fix memory leak in owned_to_vec (#773)

venomousmoog · web-flow · commit 36675436cc34 · 2025-03-05T10:44:40.000+01:00
diff --git a/src/bytes.rs b/src/bytes.rs
@@ -1141,15 +1141,15 @@ unsafe fn owned_clone(data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> Bytes
     }
 }
 
-unsafe fn owned_to_vec(_data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> Vec<u8> {
+unsafe fn owned_to_vec(data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> Vec<u8> {
     let slice = slice::from_raw_parts(ptr, len);
-    slice.to_vec()
+    let vec = slice.to_vec();
+    owned_drop_impl(data.load(Ordering::Relaxed));
+    vec
 }
 
 unsafe fn owned_to_mut(data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> BytesMut {
-    let bytes_mut = BytesMut::from_vec(owned_to_vec(data, ptr, len));
-    owned_drop_impl(data.load(Ordering::Relaxed));
-    bytes_mut
+    BytesMut::from_vec(owned_to_vec(data, ptr, len))
 }
 
 unsafe fn owned_is_unique(_data: &AtomicPtr<()>) -> bool {
@@ -1161,6 +1161,10 @@ unsafe fn owned_drop_impl(owned: *mut ()) {
     let ref_cnt = &(*lifetime).ref_cnt;
 
     let old_cnt = ref_cnt.fetch_sub(1, Ordering::Release);
+    debug_assert!(
+        old_cnt > 0 && old_cnt <= usize::MAX >> 1,
+        "expected non-zero refcount and no underflow"
+    );
     if old_cnt != 1 {
         return;
     }
diff --git a/tests/test_bytes.rs b/tests/test_bytes.rs
@@ -1619,6 +1619,19 @@ fn owned_to_vec() {
     assert_eq!(drop_counter.get(), 1);
 }
 
+#[test]
+fn owned_into_vec() {
+    let drop_counter = SharedAtomicCounter::new();
+    let buf: [u8; 10] = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
+    let owner = OwnedTester::new(buf, drop_counter.clone());
+    let b1 = Bytes::from_owner(owner);
+
+    let v1: Vec<u8> = b1.into();
+    assert_eq!(&v1[..], &buf[..]);
+    // into() vec will copy out of the owner and drop it
+    assert_eq!(drop_counter.get(), 1);
+}
+
 #[test]
 #[cfg_attr(not(panic = "unwind"), ignore)]
 fn owned_safe_drop_on_as_ref_panic() {

Original file line number	Diff line number	Diff line change
`@@ -1141,15 +1141,15 @@ unsafe fn owned_clone(data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> Bytes`
`1141`	`1141`	`}`
`1142`	`1142`	`}`
`1143`	`1143`
`1144`		`-unsafe fn owned_to_vec(_data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> Vec<u8> {`
	`1144`	`+unsafe fn owned_to_vec(data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> Vec<u8> {`
`1145`	`1145`	`let slice = slice::from_raw_parts(ptr, len);`
`1146`		`- slice.to_vec()`
	`1146`	`+ let vec = slice.to_vec();`
	`1147`	`+ owned_drop_impl(data.load(Ordering::Relaxed));`
	`1148`	`+ vec`
`1147`	`1149`	`}`
`1148`	`1150`
`1149`	`1151`	`unsafe fn owned_to_mut(data: &AtomicPtr<()>, ptr: *const u8, len: usize) -> BytesMut {`
`1150`		`- let bytes_mut = BytesMut::from_vec(owned_to_vec(data, ptr, len));`
`1151`		`- owned_drop_impl(data.load(Ordering::Relaxed));`
`1152`		`- bytes_mut`
	`1152`	`+ BytesMut::from_vec(owned_to_vec(data, ptr, len))`
`1153`	`1153`	`}`
`1154`	`1154`
`1155`	`1155`	`unsafe fn owned_is_unique(_data: &AtomicPtr<()>) -> bool {`
`@@ -1161,6 +1161,10 @@ unsafe fn owned_drop_impl(owned: *mut ()) {`
`1161`	`1161`	`let ref_cnt = &(*lifetime).ref_cnt;`
`1162`	`1162`
`1163`	`1163`	`let old_cnt = ref_cnt.fetch_sub(1, Ordering::Release);`
	`1164`	`+ debug_assert!(`
	`1165`	`+ old_cnt > 0 && old_cnt <= usize::MAX >> 1,`
	`1166`	`+ "expected non-zero refcount and no underflow"`
	`1167`	`+ );`
`1164`	`1168`	`if old_cnt != 1 {`
`1165`	`1169`	`return;`
`1166`	`1170`	`}`