RUSTSEC-2023-0045

memoffset allows reading uninitialized memory

Reported

June 21, 2023

Issued

June 21, 2023 (last modified: July 8, 2023)

Package

memoffset (crates.io)

Type

INFO Unsound

Categories

memory-corruption

Keywords

#memoffset #offset

Aliases

GHSA-wfg4-322g-9vqv

References

https://github.com/Gilnaa/memoffset/issues/24

Patched

>=0.6.2

Affected Functions

Version

memoffset::offset_of

<0.6.2

Description

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of<T> may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementation prior to it allows using uninitialized data obtained from std::mem::uninitialized with arbitrary type then compute offset by taking the address of field-projection. This may also result in an undefined behavior for "father" that includes (directly or transitively) type that does not allow to be uninitialized.

This flaw was corrected by using std::ptr::addr_of in https://github.com/Gilnaa/memoffset/pull/50.

Advisory available under CC0-1.0 license.