An issue was discovered in the default implementations of the VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}
trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice
function returns a VolatileSlice
whose length is less than the function’s count
argument. No implementations of get_slice
provided in vm_memory
are affected. Users of custom VolatileMemory
implementations may be impacted if the custom implementation does not adhere to get_slice
's documentation.
The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the VolatileSlice
returned by get_slice
is of the correct length.
{ "license": "CC0-1.0" }
{ "affected_functions": null, "affects": { "os": [], "functions": [ "vm_memory::volatile_memory::VolatileMemory::aligned_as_mut", "vm_memory::volatile_memory::VolatileMemory::aligned_as_ref", "vm_memory::volatile_memory::VolatileMemory::get_array_ref", "vm_memory::volatile_memory::VolatileMemory::get_atomic_ref", "vm_memory::volatile_memory::VolatileMemory::get_ref" ], "arch": [] } }