starlight
Possible unsound problems in crates/starlight/src/vm/environment.rs
Although the library may no longer be maintained and will not compile in my current environment, I intend to report the issue for reference only.
Description
https://github.com/Starlight-JS/starlight/blob/503e789b9ef53594aee30c45a621018e855dcc17/crates/starlight/src/vm/environment.rs#L43
https://github.com/Starlight-JS/starlight/blob/503e789b9ef53594aee30c45a621018e855dcc17/crates/starlight/src/vm/environment.rs#L47
Consider the two functions above. They use the unsafe APIs `from_raw_parts` and `from_raw_parts_mut`. However, `Environment` is a pub struct, which means the user can directly manipulate its `values_ptr` and `values_count` fields, which are also pub and are passed directly into the unsafe API, so I believe there is a health issue here.
The same problem applies to https://github.com/Starlight-JS/starlight/blob/503e789b9ef53594aee30c45a621018e855dcc17/crates/starlight/src/interpreter/stack.rs#L71
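The pattern described in the report, next to one sound alternative, as an added example that is not code from the starlight repository. `Value`, the field types, the method names and `UnsoundEnvironment` are assumptions; only the field names `values_ptr` and `values_count` come from the report.

```rust
// Added illustration: `Value`, field types and method names are assumptions.
type Value = u64; // stand-in for the VM's value type

// Shape described in the report: public fields feed from_raw_parts in a safe fn.
pub struct UnsoundEnvironment {
    pub values_ptr: *mut Value,
    pub values_count: usize,
}
impl UnsoundEnvironment {
    pub fn as_slice(&self) -> &[Value] {
        // Unsound: safe callers can set any pointer/length before calling this.
        unsafe { std::slice::from_raw_parts(self.values_ptr, self.values_count) }
    }
}

// Hardened form: private fields, set once by the constructor.
pub struct Environment {
    values_ptr: *mut Value,
    values_count: usize,
}
impl Environment {
    pub fn new(values: Vec<Value>) -> Self {
        let boxed = values.into_boxed_slice();
        let values_count = boxed.len();
        let values_ptr = Box::into_raw(boxed) as *mut Value;
        Environment { values_ptr, values_count }
    }
    pub fn as_slice(&self) -> &[Value] {
        // SAFETY: ptr/len describe the boxed slice owned by self and never change.
        unsafe { std::slice::from_raw_parts(self.values_ptr, self.values_count) }
    }
    pub fn as_slice_mut(&mut self) -> &mut [Value] {
        // SAFETY: as above; &mut self guarantees exclusive access.
        unsafe { std::slice::from_raw_parts_mut(self.values_ptr, self.values_count) }
    }
}
impl Drop for Environment {
    fn drop(&mut self) {
        // SAFETY: rebuilds the Box created in new() exactly once.
        let raw = std::ptr::slice_from_raw_parts_mut(self.values_ptr, self.values_count);
        unsafe { drop(Box::from_raw(raw)) }
    }
}

fn main() {
    let mut env = Environment::new(vec![1, 2, 3]);
    env.as_slice_mut()[0] = 10;
    println!("{:?}", env.as_slice());
}
```

If the fields have to stay public for layout or FFI reasons, the other sound option is to mark the accessors `unsafe fn` and document the pointer and length requirements the caller must uphold.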