RUSTSEC-2025-0106

Undefined behavior in index_of_ptr with empty slices

Reported

October 21, 2025

Issued

October 21, 2025

Package

orx-pinned-vec (crates.io)

Type

INFO Unsound

Categories

memory-corruption

Keywords

#undefined-behavior #soundness

References

https://github.com/orxfun/orx-pinned-vec/issues/52
https://github.com/orxfun/orx-pinned-vec/pull/53

Patched

>=3.21.0

Affected Functions

Version

orx_pinned_vec::utils::slice::index_of_ptr

<3.21.0

Description

The safe function index_of_ptr causes undefined behavior when called with an empty slice.

The issue occurs in the line ptr.add(slice.len() - 1) which underflows when slice.len() is 0, creating a pointer with a massive offset. According to Rust's safety rules, creating such a pointer causes immediate undefined behavior.

Advisory available under CC0-1.0 license.