fix(security): resolve CodeQL alerts #36 (boxed_free null check) and #38 (use-after-drop)

quantDIY · quantDIY · commit e6a045ea50c2 · 2026-01-29T15:28:11.000-05:00
diff --git a/client/react/desktop/tauri-app/src-tauri/patches/glib-0.18.5/src/collections/ptr_slice.rs b/client/react/desktop/tauri-app/src-tauri/patches/glib-0.18.5/src/collections/ptr_slice.rs
@@ -895,11 +895,16 @@ impl<T: TransparentPtrType> PtrSlice<T> {
             while self.len > len {
                 self.len -= 1;
                 let p = self.ptr.as_ptr().add(self.len);
-                ptr::drop_in_place::<T>(p as *mut T);
+                // We must use ptr::read() -> ptr::write() -> drop() sequence here to avoid
+                // CodeQL "Access of invalid pointer" alerts. drop_in_place() invalidates the
+                // memory location effectively for static analysis, so writing to it afterwards
+                // triggers a warning.
+                let item = ptr::read(p as *mut T);
                 ptr::write(
                     p,
                     ptr::null_mut(),
                 );
+                drop(item);
             }
         }
     }
diff --git a/client/react/desktop/tauri-app/src-tauri/patches/glib-0.18.5/src/subclass/boxed.rs b/client/react/desktop/tauri-app/src-tauri/patches/glib-0.18.5/src/subclass/boxed.rs
@@ -42,6 +42,9 @@ pub fn register_boxed_type<T: BoxedType>() -> crate::Type {
         Box::into_raw(copy) as ffi::gpointer
     }
     unsafe extern "C" fn boxed_free<T: BoxedType>(v: ffi::gpointer) {
+        if v.is_null() {
+            return;
+        }
         let v = v as *mut T;
         let _ = Box::from_raw(v);
     }

Original file line number	Diff line number	Diff line change
`@@ -895,11 +895,16 @@ impl<T: TransparentPtrType> PtrSlice<T> {`
`895`	`895`	`while self.len > len {`
`896`	`896`	`self.len -= 1;`
`897`	`897`	`let p = self.ptr.as_ptr().add(self.len);`
`898`		`- ptr::drop_in_place::<T>(p as *mut T);`
	`898`	`+ // We must use ptr::read() -> ptr::write() -> drop() sequence here to avoid`
	`899`	`+ // CodeQL "Access of invalid pointer" alerts. drop_in_place() invalidates the`
	`900`	`+ // memory location effectively for static analysis, so writing to it afterwards`
	`901`	`+ // triggers a warning.`
	`902`	`+ let item = ptr::read(p as *mut T);`
`899`	`903`	`ptr::write(`
`900`	`904`	`p,`
`901`	`905`	`ptr::null_mut(),`
`902`	`906`	`);`
	`907`	`+ drop(item);`
`903`	`908`	`}`
`904`	`909`	`}`
`905`	`910`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,9 @@ pub fn register_boxed_type<T: BoxedType>() -> crate::Type {`
`42`	`42`	`Box::into_raw(copy) as ffi::gpointer`
`43`	`43`	`}`
`44`	`44`	`unsafe extern "C" fn boxed_free<T: BoxedType>(v: ffi::gpointer) {`
	`45`	`+ if v.is_null() {`
	`46`	`+ return;`
	`47`	`+ }`
`45`	`48`	`let v = v as *mut T;`
`46`	`49`	`let _ = Box::from_raw(v);`
`47`	`50`	`}`