Fix a use-after-free in the Rust bindings

ProfFan · ProfFan · commit e6dd891b7eb7 · 2025-10-19T20:51:53.000-07:00
diff --git a/bindings/rust/unicorn-engine/src/hook.rs b/bindings/rust/unicorn-engine/src/hook.rs
@@ -68,6 +68,9 @@ pub unsafe extern "C" fn code_hook_proxy<D, F>(
 ) where
     F: FnMut(&mut crate::Unicorn<D>, u64, u32),
 {
+    if user_data.is_null() {
+        return;
+    }
     let user_data = unsafe { &mut *user_data };
     let mut user_data_uc = Unicorn {
         inner: user_data.uc.upgrade().unwrap(),
diff --git a/uc.c b/uc.c
@@ -2051,6 +2051,7 @@ uc_err uc_hook_del(uc_engine *uc, uc_hook hh)
                                  uc);
             g_hash_table_remove_all(hook->hooked_regions);
             hook->to_delete = true;
+            hook->user_data = NULL;
             uc->hooks_count[i]--;
             hook_append(&uc->hooks_to_del, hook);
         }

Original file line number	Diff line number	Diff line change
`@@ -2051,6 +2051,7 @@ uc_err uc_hook_del(uc_engine *uc, uc_hook hh)`
`2051`	`2051`	`uc);`
`2052`	`2052`	`g_hash_table_remove_all(hook->hooked_regions);`
`2053`	`2053`	`hook->to_delete = true;`
	`2054`	`+ hook->user_data = NULL;`
`2054`	`2055`	`uc->hooks_count[i]--;`
`2055`	`2056`	`hook_append(&uc->hooks_to_del, hook);`
`2056`	`2057`	`}`