Soundness issue in rust_fuzzer_custom_mutator
gigaroby opened this issue · 0 comments
gigaroby commented
While conducting an internal unsafe review @cramertj found issues in `rust_fuzzer_custom_mutator`:

> This function should also be `unsafe` since it makes assumptions about `$data`, `$size`, and `$max_size` when calling `from_raw_parts_mut`. Additionally, as far as I can tell, there is no guarantee here that `data` has been initialized up to `max_size`, so it's not safe to use with `from_raw_parts_mut`, as this would allow the user to read from uninitialized memory. Misoptimizations seem unlikely to be an issue in practice due to the FFI boundary, however.
Lines 464 to 485 in c9c43f3
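As an added illustration (not code from this issue or from the libfuzzer-sys project), the following shows one way to structure the buffer hand-off that the review above describes: the raw `data`/`size`/`max_size` triple is only converted to slices inside an `unsafe fn` with documented preconditions, and only the first `size` bytes are exposed as `&mut [u8]`, while the tail up to `max_size` is exposed as `MaybeUninit<u8>` so safe code cannot read uninitialized memory. The names `split_mutator_buffer`, `mutate` and `run_example` are hypothetical, and the `Vec` input is constructed for the example.

```rust
use std::mem::MaybeUninit;

/// Hypothetical helper (not libfuzzer-sys's own code) modelling how a
/// custom-mutator entry point can hand its buffer to safe Rust.
///
/// The fuzzer provides `data`, the number of bytes currently initialized
/// (`size`), and the capacity of the allocation (`max_size`). Only the first
/// `size` bytes may be viewed as `&mut [u8]`; the remainder is exposed as
/// `MaybeUninit<u8>` so that safe code can write to it but never read it.
///
/// # Safety
/// - `data` must be non-null and valid for reads and writes of `max_size` bytes.
/// - The first `size` bytes must be initialized, and `size <= max_size`.
/// - No other reference to the buffer may be live for the returned lifetime.
pub unsafe fn split_mutator_buffer<'a>(
    data: *mut u8,
    size: usize,
    max_size: usize,
) -> (&'a mut [u8], &'a mut [MaybeUninit<u8>]) {
    assert!(!data.is_null(), "null buffer from fuzzer");
    assert!(size <= max_size, "size exceeds max_size");
    // SAFETY: the caller guarantees the first `size` bytes are initialized.
    let init = unsafe { std::slice::from_raw_parts_mut(data, size) };
    // SAFETY: the tail is valid, owned memory but possibly uninitialized, so it
    // is only ever exposed through MaybeUninit, never as plain `u8`.
    let spare = unsafe {
        std::slice::from_raw_parts_mut(
            data.add(size) as *mut MaybeUninit<u8>,
            max_size - size,
        )
    };
    (init, spare)
}

/// Example mutator logic written entirely in safe Rust: flip one bit in the
/// initialized region and append a marker byte if there is spare room.
/// Returns the new length, as a custom mutator must report it.
pub fn mutate(init: &mut [u8], spare: &mut [MaybeUninit<u8>]) -> usize {
    if let Some(b) = init.first_mut() {
        *b ^= 0x01;
    }
    if let Some(slot) = spare.first_mut() {
        slot.write(0xFF);
        init.len() + 1
    } else {
        init.len()
    }
}

/// Drive the pair against a constructed Vec that has more capacity than
/// length, which is the shape a fuzzer hands to a custom mutator. Returns the
/// mutated bytes so a test can check them.
pub fn run_example() -> Vec<u8> {
    let mut buf: Vec<u8> = Vec::with_capacity(8);
    buf.extend_from_slice(&[0x10, 0x20, 0x30]); // 3 initialized bytes of >= 8
    let (data, size, max_size) = (buf.as_mut_ptr(), buf.len(), buf.capacity());
    // SAFETY: buf owns `max_size` bytes, the first `size` are initialized,
    // and buf is not touched again until the slices are dropped.
    let new_len = unsafe {
        let (init, spare) = split_mutator_buffer(data, size, max_size);
        mutate(init, spare)
    };
    // SAFETY: `mutate` initialized every byte in 0..new_len.
    unsafe { buf.set_len(new_len) };
    buf
}

fn main() {
    println!("{:02x?}", run_example()); // → [11, 20, 30, ff]
}
```

The point of the split is that the `MaybeUninit` view makes the "initialized up to `size`, not `max_size`" contract visible in the types: a mutator that wants to read the spare region cannot do so without writing its own `unsafe`, which is exactly where review attention belongs.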