- Reported
- Issued
- Package: iced-x86 (crates.io)
- Type: Vulnerability
- Keywords: #soundness
- Aliases
- Details: https://github.com/icedland/iced/issues/168
- Patched
- Affected Functions: iced_x86::Decoder::new (Version: -)

Description
Versions of iced-x86 <= 1.10.3 invoke undefined behavior which may cause soundness issues in crates using the iced_x86::Decoder struct. The Decoder::new() function made a call to slice.get_unchecked(slice.length()) to get the end position of the input buffer. The flaw was fixed with safe logic that does not invoke undefined behavior.

More details can be found at https://github.com/icedland/iced/issues/168.
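
The difference between the unsound end-of-buffer computation and a sound one, as an added example (not iced-x86 source and not necessarily how the project fixed it). `ByteCursor`, `end_ptr_unsound` and `end_ptr_sound` are hypothetical names, and the sample bytes are constructed.

```rust
// Added example, not iced-x86 code. `ByteCursor` is a hypothetical stand-in
// for a decoder that tracks its position with raw start/end pointers.

/// Unsound pattern from the advisory, kept for comparison and never called:
/// index `len` is out of bounds, so `get_unchecked` is undefined behavior
/// even if the resulting reference is only converted to a pointer.
#[allow(dead_code)]
unsafe fn end_ptr_unsound(data: &[u8]) -> *const u8 {
    unsafe { data.get_unchecked(data.len()) as *const u8 }
}

/// Sound replacement: a one-past-the-end pointer may be computed (but not
/// dereferenced), and `as_ptr_range` yields it without any unsafe code.
fn end_ptr_sound(data: &[u8]) -> *const u8 {
    data.as_ptr_range().end
}

pub struct ByteCursor<'a> {
    pos: *const u8,
    end: *const u8,
    _buf: std::marker::PhantomData<&'a [u8]>,
}

impl<'a> ByteCursor<'a> {
    pub fn new(data: &'a [u8]) -> Self {
        ByteCursor { pos: data.as_ptr(), end: end_ptr_sound(data), _buf: std::marker::PhantomData }
    }

    pub fn remaining(&self) -> usize {
        self.end as usize - self.pos as usize
    }

    /// Returns the next byte, or None once `pos` reaches `end`.
    pub fn read_u8(&mut self) -> Option<u8> {
        if self.pos == self.end { return None; }
        // SAFETY: pos < end, so pos points at a byte of the slice borrowed
        // for 'a, and pos + 1 is at most one past the end of that slice.
        let b = unsafe { *self.pos };
        self.pos = unsafe { self.pos.add(1) };
        Some(b)
    }
}

fn main() {
    let mut c = ByteCursor::new(&[0x90, 0xC3]); // constructed sample bytes
    while let Some(b) = c.read_u8() {
        println!("{b:#04x}, {} left", c.remaining());
    }
}
```

Running the unsound variant under Miri, or in a debug build of a recent toolchain, is one way to surface this class of bug in other crates.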