Impact
An issue was discovered in the default implementations of the VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}
trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice
function returns a VolatileSlice
whose length is less than the function’s count
argument. No implementations of get_slice
provided in vm_memory
are affected. Users of custom VolatileMemory
implementations may be impacted if the custom implementation does not adhere to get_slice
's documentation.
Patches
The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the VolatileSlice
returned by get_slice
is of the correct length.
Workarounds
Not Required
References
aff1dd4
https://crates.io/crates/vm-memory/0.12.2
Impact
An issue was discovered in the default implementations of the
VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}
trait functions, which allows out-of-bounds memory access if theVolatileMemory::get_slice
function returns aVolatileSlice
whose length is less than the function’scount
argument. No implementations ofget_slice
provided invm_memory
are affected. Users of customVolatileMemory
implementations may be impacted if the custom implementation does not adhere toget_slice
's documentation.Patches
The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the
VolatileSlice
returned byget_slice
is of the correct length.Workarounds
Not Required
References
aff1dd4
https://crates.io/crates/vm-memory/0.12.2