Made by DeepSource

Audit required: Use of Vec::from_iter RS-A1006

Security
Major
cwe-415

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

This bug has since been fixed; consider upgrading to a newer version of Rust to mitigate this issue. To let the DeepSource Rust analyzer know which version of Rust you are using, set the msrv option in your .deepsource.toml file:

[[analyzers]]
name = "rust"
enabled = true

  [analyzers.meta]
  msrv = "1.53.0"

Bad practice

// FromIterator is not in the prelude before the 2021 edition.
use std::iter::FromIterator;

#[derive(Debug)]
enum MyEnum {
    DroppedTwice(Box<i32>),
    PanicOnDrop,
}

impl Drop for MyEnum {
    fn drop(&mut self) {
        match self {
            MyEnum::DroppedTwice(_) => println!("Dropping!"),
            MyEnum::PanicOnDrop => panic!(),
        }
    }
}

fn main() {
    let v = vec![MyEnum::DroppedTwice(Box::new(123)), MyEnum::PanicOnDrop];

    // results in a double-free error on Rust before 1.52.0:
    // dropping the PanicOnDrop element panics inside from_iter
    Vec::from_iter(v.into_iter().take(0));
}
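
A regression check for the behaviour described above, as an added example that is not DeepSource's or the Rust project's code: it runs the same from_iter(v.into_iter().take(0)) pattern with a type that counts its drops instead of owning a Box, so a repeated drop shows up as a count above 1 rather than as a second free. Tracked, DROPS and drop_counts_after_from_iter are names made up for this example.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};

// One drop counter per element of the constructed three-element sample.
static DROPS: [AtomicUsize; 3] =
    [AtomicUsize::new(0), AtomicUsize::new(0), AtomicUsize::new(0)];

// Hypothetical element type: counts its drops instead of owning heap memory.
struct Tracked {
    id: usize,
    panic_on_drop: bool,
}

impl Drop for Tracked {
    fn drop(&mut self) {
        // Panic only on the first drop, so a repeated drop is counted
        // instead of aborting with a second panic during unwinding.
        let earlier = DROPS[self.id].fetch_add(1, Ordering::SeqCst);
        if self.panic_on_drop && earlier == 0 {
            panic!("drop of element {} panicked", self.id);
        }
    }
}

/// Runs the page's pattern; returns (panic escaped?, drops per element).
fn drop_counts_after_from_iter() -> (bool, [usize; 3]) {
    for c in DROPS.iter() {
        c.store(0, Ordering::SeqCst);
    }
    let v = vec![
        Tracked { id: 0, panic_on_drop: false },
        Tracked { id: 1, panic_on_drop: true },
        Tracked { id: 2, panic_on_drop: false },
    ];
    let outcome = catch_unwind(AssertUnwindSafe(move || {
        // `Vec::from_iter` via the trait path, so no edition-specific import is needed.
        let _out: Vec<Tracked> = std::iter::FromIterator::from_iter(v.into_iter().take(0));
    }));
    let mut counts = [0usize; 3];
    for (n, c) in counts.iter_mut().zip(DROPS.iter()) {
        *n = c.load(Ordering::SeqCst);
    }
    (outcome.is_err(), counts)
}

fn main() {
    let (panicked, counts) = drop_counts_after_from_iter();
    println!("panic escaped from_iter: {}, drops per element: {:?}", panicked, counts);
}
```

Every counter should read exactly 1; any value above 1 means an element was dropped more than once on the toolchain that built the program.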
