denosaurs/gmath

Possible use-after-free issues in matrix implementation

Closed this issue · 1 comment

Hi. I am developing a static analysis tool for Rust, and it detected some potential vulnerabilities in gmath's matrix implementation, for example in the function matrix2invert in the file wasm/matrix2.rs.

First, a buffer ptr is allocated; then the ownership of ptr is transferred to a vector mat using Vec::from_raw_parts. When the function matrix2invert returns, mat is deallocated, so the return value ptr becomes a dangling pointer.

Other functions with similar implementations also have the same issue. I believe this can be fixed by using std::slice::from_raw_parts_mut, which does not take ownership:

// This should fix the issues
// let mut mat = Vec::from_raw_parts(ptr as *mut f32, LEN, LEN);
let mut mat = std::slice::from_raw_parts_mut(ptr as *mut f32, LEN);

I know nothing about WebAssembly's memory management, so I do not know whether this is a real bug or not. So I am creating this issue and looking for your help.

Thank you very much.
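The following is an added example illustrating the pattern described in this issue; it is not gmath's code. It models the wasm-style "allocate a buffer, hand the raw pointer to the caller, operate on it in place, return the pointer" flow with a stand-in 2x2 inversion routine. The names alloc_f32, free_f32, matrix2_invert_buggy, matrix2_invert_fixed and invert2_in_place are assumed for illustration. A small wrapper around the system allocator records when one watched address is passed to dealloc, which makes the premature free observable without ever dereferencing the dangling pointer:

```rust
// Added example (not gmath's code). Stand-in for the wasm/matrix2.rs pattern
// reported in the issue; all function names here are assumed for illustration.
use std::alloc::{GlobalAlloc, Layout, System};
use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering};

/// A 2x2 matrix stored row-major as [a, b, c, d].
const LEN: usize = 4;

/// System allocator wrapper that flags when a single watched address is freed.
/// This lets us observe the early free without touching a dangling pointer.
struct WatchAlloc;

static WATCHED: AtomicUsize = AtomicUsize::new(0);
static WATCHED_FREED: AtomicBool = AtomicBool::new(false);

unsafe impl GlobalAlloc for WatchAlloc {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        unsafe { System.alloc(layout) }
    }
    unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
        if ptr as usize == WATCHED.load(Ordering::SeqCst) {
            WATCHED_FREED.store(true, Ordering::SeqCst);
        }
        unsafe { System.dealloc(ptr, layout) }
    }
}

#[global_allocator]
static GLOBAL: WatchAlloc = WatchAlloc;

/// Stand-in for a module's allocator export: hands a heap buffer of `len` f32s
/// to the caller, who owns it from now on and must free it exactly once.
fn alloc_f32(len: usize) -> *mut f32 {
    Box::leak(vec![0.0f32; len].into_boxed_slice()).as_mut_ptr()
}

/// Counterpart to `alloc_f32`: reclaims a buffer created by it.
/// Safety: `ptr` must come from `alloc_f32(len)` and not have been freed yet.
unsafe fn free_f32(ptr: *mut f32, len: usize) {
    drop(unsafe { Box::from_raw(std::slice::from_raw_parts_mut(ptr, len)) });
}

/// Invert [a b; c d] in place as (1/det) * [d -b; -c a].
/// Returns false and leaves the buffer untouched when the matrix is singular.
fn invert2_in_place(m: &mut [f32]) -> bool {
    let (a, b, c, d) = (m[0], m[1], m[2], m[3]);
    let det = a * d - b * c;
    if det == 0.0 {
        return false;
    }
    m[0] = d / det;
    m[1] = -b / det;
    m[2] = -c / det;
    m[3] = a / det;
    true
}

/// The pattern the issue reports: `Vec::from_raw_parts` takes OWNERSHIP of the
/// buffer, so `mat` frees it when this function returns and `ptr` dangles.
unsafe fn matrix2_invert_buggy(ptr: *mut f32) -> *mut f32 {
    let mut mat = unsafe { Vec::from_raw_parts(ptr, LEN, LEN) };
    invert2_in_place(&mut mat);
    ptr // `mat` is dropped here and its buffer freed: the returned pointer is dangling
}

/// The fix proposed in the issue: borrow the buffer as `&mut [f32]` instead.
/// The slice does not own the memory, so nothing is freed on return.
unsafe fn matrix2_invert_fixed(ptr: *mut f32) -> *mut f32 {
    let mat = unsafe { std::slice::from_raw_parts_mut(ptr, LEN) };
    invert2_in_place(mat);
    ptr
}

/// Runs both variants on a constructed input and reports whether each one freed
/// the buffer before returning, plus the inverse computed through the fixed path.
fn demo() -> (bool, bool, [f32; LEN]) {
    // Constructed input [[4, 7], [2, 6]]: det = 10, inverse = [[0.6, -0.7], [-0.2, 0.4]].
    let input = [4.0f32, 7.0, 2.0, 6.0];

    // Buggy path: watch the buffer's address and see it get freed.
    let p = alloc_f32(LEN);
    unsafe { std::ptr::copy_nonoverlapping(input.as_ptr(), p, LEN) };
    WATCHED.store(p as usize, Ordering::SeqCst);
    WATCHED_FREED.store(false, Ordering::SeqCst);
    let _dangling = unsafe { matrix2_invert_buggy(p) };
    let buggy_freed_early = WATCHED_FREED.load(Ordering::SeqCst);
    // `_dangling` must not be read or freed: the allocation is already gone.

    // Fixed path: same input; the buffer survives, can be read, then freed once.
    let p = alloc_f32(LEN);
    unsafe { std::ptr::copy_nonoverlapping(input.as_ptr(), p, LEN) };
    WATCHED.store(p as usize, Ordering::SeqCst);
    WATCHED_FREED.store(false, Ordering::SeqCst);
    let out = unsafe { matrix2_invert_fixed(p) };
    let fixed_freed_early = WATCHED_FREED.load(Ordering::SeqCst);
    let mut inverted = [0.0f32; LEN];
    unsafe { std::ptr::copy_nonoverlapping(out, inverted.as_mut_ptr(), LEN) };
    unsafe { free_f32(p, LEN) }; // the caller frees, exactly once
    WATCHED.store(0, Ordering::SeqCst);

    (buggy_freed_early, fixed_freed_early, inverted)
}

fn main() {
    let (buggy, fixed, inv) = demo();
    println!("buggy path freed the buffer before returning: {}", buggy);
    println!("fixed path freed the buffer before returning: {}", fixed);
    println!("inverse via the fixed path: {:?}", inv);
}
```

The allocator hook is only there to make the free visible; the real-world symptom is that the caller later reads or frees an address the Rust side already released, which in a wasm module means silent corruption of whatever the linear-memory allocator hands out next. Alongside the slice fix, a consistent ownership rule for every exported function (who allocates, who frees, exactly once) is what keeps this class of bug from recurring across the other matrix sizes the issue mentions.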

Thank you, this has been an issue I have been meaning to deal with for a while but got sidetracked by some other projects. I will make sure to fix it soon.