RUSTSEC-2026-0127

Integer overflow in array::ReadWrite::new() leading to potential memory corruption

Reported
Issued
Package
accessor (crates.io)
Type
INFO Unsound
Categories
Keywords
#integer-overflow #out-of-bounds
References
Patched
no patched versions

Description

In `array::ReadWrite::new()` (line 83 of `accessor/src/array.rs`), `let bytes = mem::size_of::<T>() * len` can overflow `usize` when `len` is very large. In release mode, this silently wraps, potentially making `bytes = 0`. The mapper then maps with 0 bytes, and subsequent accesses (e.g. `read_volatile_at`) lead to undefined behavior or memory corruption.

Note: `array::ReadWrite::new()` itself is `unsafe`, so direct triggering requires an `unsafe` block. However, the integer overflow violates the implicit safety contract expected by callers and can lead to memory corruption downstream.
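The size arithmetic described above, next to a checked form, as an added example that is not code from the accessor crate. All function and type names are hypothetical, and the block models only the multiplication and the resulting length/mapping mismatch, not the crate's mapper.

```rust
use core::mem;

// Hypothetical names; this models only the size arithmetic, not the crate's mapper.

/// The multiplication from the advisory with release-mode behaviour made
/// explicit: wrapping_mul wraps the way `*` does when overflow checks are off.
fn mapped_bytes_wrapping<T>(len: usize) -> usize {
    mem::size_of::<T>().wrapping_mul(len)
}

#[derive(Debug, PartialEq)]
enum SizeError {
    Overflow,
    ExceedsIsizeMax,
}

/// Hardened form: fail instead of wrapping, and (an added conservative bound)
/// refuse sizes above isize::MAX, the limit Rust places on object sizes.
fn mapped_bytes_checked<T>(len: usize) -> Result<usize, SizeError> {
    let bytes = mem::size_of::<T>()
        .checked_mul(len)
        .ok_or(SizeError::Overflow)?;
    if bytes > isize::MAX as usize {
        return Err(SizeError::ExceedsIsizeMax);
    }
    Ok(bytes)
}

/// True only if element `index` lies entirely inside `mapped` bytes.
fn access_in_mapping<T>(mapped: usize, index: usize) -> bool {
    index
        .checked_add(1)
        .and_then(|n| n.checked_mul(mem::size_of::<T>()))
        .map_or(false, |end| end <= mapped)
}

fn main() {
    // Constructed input: a len whose byte size wraps to exactly 0 for u64.
    let len = usize::MAX / mem::size_of::<u64>() + 1;
    let wrapped = mapped_bytes_wrapping::<u64>(len);
    println!("len = {}, wrapped bytes = {}", len, wrapped);
    // Index 0 passes an `index < len` check yet is outside the 0-byte mapping.
    println!("0 < len: {}, inside mapping: {}", 0 < len, access_in_mapping::<u64>(wrapped, 0));
    println!("checked: {:?}", mapped_bytes_checked::<u64>(len));
    println!("checked, len = 4: {:?}", mapped_bytes_checked::<u64>(4));
}
```

With the wrapped size, a bounds check against `len` accepts an index that the mapping does not cover; the checked form rejects the length before anything is mapped.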

Advisory available under CC0-1.0 license.