Skip to content

Fix stale reference bug in std.zig.system.resolveTargetQuery #25713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 28, 2025
Merged

Fix stale reference bug in std.zig.system.resolveTargetQuery #25713

merged 7 commits into from
Oct 28, 2025

Conversation

@SeanTUT
Copy link
Contributor

@SeanTUT SeanTUT commented Oct 27, 2025

When std.zig.resolveTargetQuery detects the native OS version, any SemanticVersion contained in the return value would use a stack buffer for the "pre" and "build" fields. This would result in a stale reference being returned from the function. To remedy this, an additional allocator parameter was added to the function.

@SeanTUT
Copy link
Contributor Author

SeanTUT commented Oct 27, 2025

cc @alexrp, as discussed in #25693

alexrp
alexrp reviewed Oct 27, 2025
View reviewed changes
@alexrp
Copy link
Member

alexrp commented Oct 27, 2025

Actually, now that I look at this a bit closer... there is indeed a stack UAF bug here, but I think the solution isn't to heap-allocate; rather, I think we should just throw away any non-null values for pre and build in the returned std.SemanticVersion instance.

std.Target in general assumes that versions are of the form major.minor[.patch] (with patch defaulting to 0), and that's also the only format the target triple syntax accepts. So it's actually pretty weird for native target resolution to introduce data beyond that form. I also don't think pre and build would ever be useful for anything in the std.Target context as they are not semantically meaningful per SemVer.

@SeanTUT
Remove allocator parameter from resolveTargetQuery
f2f5a20 
Instead of duplicating the prerelease and build components, we now
ignore them altogether. This is implemented in
Target.Query.parseVersion, which now additionally discards the
prerelease and build components.
@SeanTUT SeanTUT force-pushed the target-resolve-safety-patch branch from 78ed81b to f2f5a20 Compare October 27, 2025 17:19
SeanTUT and others added 3 commits October 27, 2025 13:20
@SeanTUT
Merge branch 'master' into target-resolve-safety-patch
a8d0455
@SeanTUT
Reintroduce validating the end of the version in Query.parseVersion
b14df9f 
This was removed while implementing the ignoring of prerelease and build
components, but currently it is incorrect to leave out
@SeanTUT
Merge branch 'target-resolve-safety-patch' of https://github.com/sean…
01d99a3 
…tut/zig into target-resolve-safety-patch
alexrp
alexrp reviewed Oct 27, 2025
View reviewed changes
alexrp
alexrp reviewed Oct 27, 2025
View reviewed changes
@SeanTUT
Remove solaris usage, disallow pre/build in Query.parseVersion
ac7f945
@SeanTUT
Update prerelease/build test in Target.Query.parseVersion
bd91fd0 
Now the test ensures that the function returns an error rather than
discarding the components
@SeanTUT SeanTUT mentioned this pull request Oct 28, 2025
Open
alexrp
alexrp reviewed Oct 28, 2025
View reviewed changes
@alexrp alexrp self-assigned this Oct 28, 2025
@SeanTUT @alexrp
Correct Target.query.parseVersion typo
4bd7530 
Co-authored-by: Alex Rønne Petersen <[email protected]>
@alexrp alexrp merged commit 35e1755 into ziglang:master Oct 28, 2025
7 of 9 checks passed
@alexrp alexrp removed their assignment Oct 28, 2025
TibboddiT pushed a commit to TibboddiT/zig that referenced this pull request Oct 28, 2025
@SeanTUT @alexrp @TibboddiT
Fix stale reference bug in std.zig.system.resolveTargetQuery (zigla…
aba4030 
…ng#25713)

Co-authored-by: Alex Rønne Petersen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexrp alexrp alexrp approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SeanTUT @alexrp