Fix weak-ref by-value function parameter UAF

[mikialex]

The #2447 not considered the by-value function parameter case. This MR try fix that.

All xxx.ptr = 0; will now called by __destroy_into_raw and unregister the finalizer.

[mikialex]

Could someone help checking why ci failed. Maybe the error not related to this change

[danielhenrymantilla]

Indeed, the CI failure seems to stem from a change in the compiler diagnostics; UI tests are generally brittle because of this. Someone ought to take the top of master, run the UI tests with the override setting enabled, so as to update the error message expectations, and submit a PR with those changes, so that you can afterwards rebase and fix that.

Regarding this PR, as the author of the one that fixed the self case (sorry I did not notice it occurred for non self values as well), the changes LGTM ✅

[alexcrichton]

Thanks for this! Can you add some tests specifically for this bug as well?

[mikialex]

According to https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/FinalizationRegistry, the time when FinalizationRegistry cleanup logic triggered is unpredictable. So I think it's hard to add test logic into CI, because your can't await GC happens.

For reference I create a repo simply for reproducing this bug and test the above fix: https://github.com/mikialex/wasm-bindgen-reproduce-2677

[alexcrichton]

Could the test you mentioned get added to this test suite? Even if it's not deterministically exercising the bug it's better than nothing I think.

[mikialex]

I'm trying to add some test but have some issues when figuring out how to run test suite on my machine.

Accroding to this https://rustwasm.github.io/docs/wasm-bindgen/contributing/testing.html#wasm-tests-on-node-and-headless-browsers and this https://rustwasm.github.io/wasm-bindgen/wasm-bindgen-test/browsers.html#appendix-testing-in-headless-browsers-without-wasm-pack, I tried SAFARIDRIVER=/usr/bin/safaridriver cargo test --target wasm32-unknown-unknown and cargo test --target wasm32-unknown-unknown they produce this error:

Running `target/debug/wasm-bindgen-test-runner /Users/mikialex/dev/wasm-bindgen/target/wasm32-unknown-unknown/debug/deps/headless-4f54a9baec924af2.wasm`
Set timeout to 20 seconds...
Running headless tests in Safari on `http://127.0.0.1:51646/`
Try find `webdriver.json` for configure browser's capabilities:
Ok
driver status: signal: 9                          
Error: non-200 response code: 500                 
<html>
<head>
 <title>500 Internal Privoxy Error</title>
 <link rel="shortcut icon" href="http://config.privoxy.org/error-favicon.ico" type="image/x-icon"></head>
<body>
<h1>500 Internal Privoxy Error</h1>
<p>Privoxy encountered an error while processing your request:</p>
<p><b>Could not load template file <code>no-server-data</code> or one of its included components.</b></p>
<p>Please contact your proxy administrator.</p>
<p>If you are the proxy administrator, please put the required file(s)in the <code><i>(confdir)</i>/templates</code> directory.  The location of the <code><i>(confdir)</i></code> directory is specified in the main Privoxy <code>config</code> file.  (It's typically the Privoxy install directory, or <code>/etc/privoxy/</code>).</p>
</body>
</html>

error: test failed, to rerun pass '--test headless'

so, did I miss something important? I assum this will execute the tests in tests folder.

[alexcrichton]

I'd recommend running the --test wasm tests which should only require node installed with a somewhat recent version

[alexjg]

Am I correct in thinking that this issue is fixed by 4458587 ?

[Liamolucko]

Am I correct in thinking that this issue is fixed by 4458587 ?

Yes, I think so.