
Unsound implementation of `read_32` and `read_16`

Open shinmao opened this issue 1 year ago • 0 comments

The source of unsoundness

https://github.com/endoli/burst.rs/blob/9be1ad9ed83dda43b0fb4aa7cd14b140a75cabef/src/x86/mod.rs#L7636-L7648

Hi, I found that `read_32` could have an unsound implementation. At line 7645, `state.opcode` is aligned to 1 byte. Casting it to 4 bytes as `u32` and dereferencing the misaligned pointer could lead to undefined behavior in a safe function. `read_16` has a similar unsound implementation.

shinmao, Aug 27 '23 21:08
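The pattern the report describes, and the sound alternatives, as an added example that is not code from burst.rs or from the reporter. The byte buffer, the `Aligned` wrapper and the function names are constructed here; the shape of the unsound read (cast a 1-byte-aligned pointer to `*const u32` and dereference it) is assumed from the issue text, since the page does not quote the original lines. Dereferencing a raw pointer with `*p` requires `p` to satisfy the alignment of the pointee type, so the cast-and-deref is undefined behavior whenever the offset is not a multiple of 4, even on x86 where the hardware tolerates misaligned loads. `ptr::read_unaligned` or `u32::from_le_bytes` read the same bytes with no alignment requirement.

```rust
use std::mem::align_of;
use std::ptr;

/// Constructed sample buffer standing in for the instruction bytes.
/// `repr(align(4))` makes offset 0 aligned for `u32` and offset 1 misaligned,
/// so the alignment check below behaves the same on every run.
#[repr(C, align(4))]
pub struct Aligned(pub [u8; 8]);
pub static SAMPLE: Aligned = Aligned([0xAA, 0x78, 0x56, 0x34, 0x12, 0xCD, 0xAB, 0xEE]);

/// The unsound shape described in the issue (assumed, not quoted from burst.rs):
/// a `*const u8` is cast to `*const u32` and dereferenced. `*q` requires `q` to be
/// 4-byte aligned; when it is not, this is undefined behavior regardless of what
/// the CPU does. Kept `unsafe` so it cannot be called by accident; never called here.
pub unsafe fn read_32_misaligned_deref(p: *const u8) -> u32 {
    // UB when (p as usize) % 4 != 0
    unsafe { *(p as *const u32) }
}

/// Check the precondition that `*ptr` on a `*const T` silently assumes.
pub fn is_aligned_for<T>(p: *const u8) -> bool {
    (p as usize) % align_of::<T>() == 0
}

/// Sound form 1: `ptr::read_unaligned` copies the bytes without an alignment
/// requirement. `unsafe` remains only for the pointer-validity contract, which the
/// bounds check discharges. `u32::from_le` fixes the decoded endianness.
pub fn read_32_unaligned(bytes: &[u8], off: usize) -> Option<u32> {
    let end = off.checked_add(4)?;
    if end > bytes.len() {
        return None;
    }
    // SAFETY: `off..end` is within `bytes`, so 4 bytes are readable at `off`.
    let raw = unsafe { ptr::read_unaligned(bytes.as_ptr().add(off) as *const u32) };
    Some(u32::from_le(raw))
}

/// Sound form 2: no `unsafe` at all. Slicing does the bounds check and
/// `from_le_bytes` does the assembly with explicit little-endian order.
pub fn read_32(bytes: &[u8], off: usize) -> Option<u32> {
    let b = bytes.get(off..off.checked_add(4)?)?;
    Some(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

/// Same treatment for the 16-bit reader the issue mentions.
pub fn read_16(bytes: &[u8], off: usize) -> Option<u16> {
    let b = bytes.get(off..off.checked_add(2)?)?;
    Some(u16::from_le_bytes([b[0], b[1]]))
}

fn main() {
    let base = SAMPLE.0.as_ptr();
    println!("offset 0 aligned for u32: {}", is_aligned_for::<u32>(base));
    println!("offset 1 aligned for u32: {}", is_aligned_for::<u32>(base.wrapping_add(1)));
    println!("read_32 at 1: {:#x?}", read_32(&SAMPLE.0, 1));
    println!("read_16 at 1: {:#x?}", read_16(&SAMPLE.0, 1));
}
```

Running the unsound variant under Miri (`cargo miri run`) reports the misaligned dereference as an error; the two sound readers pass. Both safe readers also reject an out-of-range offset by returning `None` instead of reading past the buffer.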