libbluetooth-rs

Possible unsound public API

Open charlesxsh opened this issue 7 months ago • 0 comments

src/hci_lib.rs

#[inline]
pub fn hci_set_bit(nr: c_int, addr: *mut c_uint) {
    let bitset = unsafe { addr.offset((nr >> 5) as isize).as_mut() }.unwrap();
    *bitset |= 1 << (nr & 31);
}
#[inline]
pub fn hci_clear_bit(nr: c_int, addr: *mut c_uint) {
    let bitset = unsafe { addr.offset((nr >> 5) as isize).as_mut() }.unwrap();
    *bitset &= !(1 << (nr & 31));
}
#[inline]
pub fn hci_test_bit(nr: c_int, addr: *mut c_uint) -> c_uint {
    let bitset = unsafe { addr.offset((nr >> 5) as isize).as_ref() }.unwrap();
    *bitset & (1 << (nr & 31))
}

Hi there, the publicly accessible functions hci_set_bit, hci_clear_bit and hci_test_bit take a pointer parameter addr and use it without sufficient checks, which might cause memory issues. In Rust, we should not cause any memory issues if merely using safe functions.

Suggestions:

  1. add sufficient checks
  2. mark the function with unsafe

charlesxsh, May 21 '25 02:05
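Both suggestions from the issue, sketched as an added example (not code from libbluetooth-rs or from the issue author). In the quoted functions, `.unwrap()` only catches a null result; it cannot tell whether `addr` is valid or whether `nr >> 5` stays inside the allocation. The names `hci_set_bit_raw`, `locate`, `set_bit`, `clear_bit` and `test_bit` are hypothetical, and the slice-based signatures are an assumption about how a checked API could look.

```rust
use std::os::raw::{c_int, c_uint};

/// Suggestion 2: keep the raw-pointer signature but mark it `unsafe`.
///
/// # Safety
/// `nr` must be non-negative and `addr` must point to at least
/// `(nr >> 5) + 1` initialized, writable `c_uint` values.
pub unsafe fn hci_set_bit_raw(nr: c_int, addr: *mut c_uint) {
    unsafe { *addr.offset((nr >> 5) as isize) |= 1 << (nr & 31) };
}

/// Suggestion 1: map a bit number to (word index, mask), or None if the
/// bit is negative or lies outside a buffer of `len` words.
fn locate(nr: c_int, len: usize) -> Option<(usize, c_uint)> {
    if nr < 0 {
        return None;
    }
    let word = (nr >> 5) as usize;
    if word < len { Some((word, 1 << (nr & 31))) } else { None }
}

pub fn set_bit(nr: c_int, bits: &mut [c_uint]) -> Option<()> {
    let (word, mask) = locate(nr, bits.len())?;
    bits[word] |= mask;
    Some(())
}

pub fn clear_bit(nr: c_int, bits: &mut [c_uint]) -> Option<()> {
    let (word, mask) = locate(nr, bits.len())?;
    bits[word] &= !mask;
    Some(())
}

pub fn test_bit(nr: c_int, bits: &[c_uint]) -> Option<bool> {
    let (word, mask) = locate(nr, bits.len())?;
    Some(bits[word] & mask != 0)
}

fn main() {
    let mut mask = [0 as c_uint; 2]; // constructed 64-bit mask
    assert_eq!(set_bit(33, &mut mask), Some(()));
    assert_eq!(test_bit(33, &mask), Some(true));
    assert_eq!(set_bit(64, &mut mask), None); // past the end: rejected
    assert_eq!(set_bit(-1, &mut mask), None); // negative: rejected
    // The raw variant now requires the caller to vouch for the pointer.
    unsafe { hci_set_bit_raw(5, mask.as_mut_ptr()) };
    println!("{:?}", mask);
}
```

With the slice versions, the length travels with the buffer, so safe callers cannot reach memory outside it; the `unsafe fn` variant keeps C-style call sites working while moving the validity obligation into the signature.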