You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
// SAFETY: This is safe because the pointer is range-checked by get_slice, and
// the lifetime is the same as self.
A user of this library implementing VolatileMemory could cause unsoundness by writing an incorrect implementation of VolatileMemory::get_slice(). This means that it should be an unsafe trait (or private/sealed) with the safety requirements for implementors documented on the trait.
The text was updated successfully, but these errors were encountered:
Thank you for bringing your security concerns to our attention! We will investigate these immediately and follow up with you within 5 business days to provide a status.
(I did consider using the security policy but didn't in the end since this is basically "someone can cause UB if they use your library weirdly" which is bad from a rust unsafe model perspective but basically ok from a security perspective.)
Hello @Manishearth,
we have fixed the issue in #251 and published vm-memory 0.12.2 to crates.io. We will also go through the process of filing a RustSec advisory for affected versions. Thank you again for reporting this issue!
vm-memory/src/volatile_memory.rs
Lines 110 to 112 in 06ebc2a
The behavior of this trait method is relied upon in multiple places in unsafe code, e.g:
vm-memory/src/volatile_memory.rs
Lines 122 to 123 in 06ebc2a
A user of this library implementing
VolatileMemory
could cause unsoundness by writing an incorrect implementation ofVolatileMemory::get_slice()
. This means that it should be anunsafe trait
(or private/sealed) with the safety requirements for implementors documented on the trait.The text was updated successfully, but these errors were encountered: