Reported

April 23, 2025

Issued

May 20, 2026

Package

vku (crates.io)

Type

INFO Unsound

Categories

• memory-corruption

References

• https://github.com/ArrowMaxGithub/vku/issues/5
• https://github.com/ArrowMaxGithub/vku/commit/ce02c19ec35e5ee84c00ec5005be9d6d44599b5f

Patched

• >=0.4.0

Affected Functions

Version

vku::VMABuffer::set_data

• <=0.3.0

Description

VMABuffer::set_data was a publicly accessible safe function. It accepted an arbitrary offset and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation.

Affected versions did not check that the requested write range fit within the allocation before calling ptr.add(offset) and copy_from_nonoverlapping. Safe Rust code could therefore trigger an out-of-bounds write by passing an offset outside the mapped allocation.

This makes the safe API unsound, since callers can trigger undefined behavior without using unsafe.

Version 0.4.0 added a bounds check before performing the pointer arithmetic and copy.

Advisory available under CC0-1.0 license.